The cost of data breaches has risen 30 percent over the past year, according to a new Ponemon Institute study released Monday at InfoSecurity NY.
The study, which polled 31 organizations that had suffered a recent data breach, reveals they lost $182 per customer record, up from around $140 in 2005, Andrew Krcik, vice president of marketing at PGP, told SC Magazine.com today at the show.
PGP and Vontu sponsored the study.
The total loss per organization averaged about $4.8 million per breach and ranged between $226,000 and $22 million, the study revealed. The brunt of the losses was attributable to lost customers, Krcik said. Roughly two percent of customers abandoned the companies following the breaches, he said.
Among the other significant drivers for the cost-per-breach increase were telephone calls made by the organization to notify victims about the breach, Krcik said. This resulted in both direct cost and lost employee productivity. Many organizations have begun taking this approach, subscribing to the belief that "the personal touch" of a phone call "makes people less upset," he said.
Meanwhile, the study found an alarming trend that could speak to why breaches continue to plague organizations. It revealed that the affected respondents' IT security departments bore none of the data breach costs, compared to marketing (55 percent), customer support (34 percent) and legal, audit and risk management (11 percent).
"It tells you why companies have been slow to put in their preventative measures," Krcik said. "The blow doesn't fall on their heads."
But organizations must realize: "You can buy a lot of prevention for this kind of money ($4.8 million average total loss)," he said.