Annual study reveals cost of a data breach keeps climbing

Share this article:
Data breaches cost organizations $202 per exposed record last year, a 2.3 percent increase over 2007, concluded the fourth annual Ponemon Institute study released on Monday.

The study, which examined the repercussions felt by 43 U.S. companies that suffered breaches last year, also revealed that lost business makes up nearly 70 percent of breach costs, up from 54 percent just two years ago. The average rate of churn -- defined as the rate by which customers cease doing business with the breached firm -- was 3.6 percent, up from 2.7 percent in 2007 and two percent in 2006.

Financial services firms and health care organizations were the most susceptible to customer attrition following a data-loss incident, experiencing churn rates of 5.5 percent and 6.5 percent, respectively, according to the study. Meanwhile, the average cost of a health-care breach was $282, about $150 more than the average retail breach.

Phil Dunkelberger, CEO of encryption firm PGP, which sponsored the study, said the churn rates show that customers are increasingly dissatisfied with companies that fail to safeguard their information.

"The news is that...with all these compromises going on, when are [organizations] going to get the message that people want their data protected?" he told SCMagazineUS.com. "If you're having a data breach at this point, it's not because, 'Wow, we didn't know.'"

Forty-four percent of respondents said the breaches were caused by third parties, such as outsourcers, contractors, consultants or other partners. That number is up from 40 percent in 2007 and 21 percent in 2005.

"Organizations should closely evaluate the enterprise data protection policies and systems used with and by third-party outsourcers or consultants," the study said, adding that the security of on-demand services also needs to be closely observed.

Companies said they are trying to fix the breach threat by increasing awareness training and instituting measures such as encryption, identity and access management and data-loss prevention, according to the study.

"The data is showing that unless you've got a core strategy, your business is at risk," Dunkelberger said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.