programmers quotes

February 4, 2009

Costs of data breach rising

Filed under: IT Security — russell.smitheram @ 5:19 am

The Ponemon Institute published a study on Monday showing that the cost of data breaches rose in 2008 to $6.6 million per incident. The study is available after registration at www.encryptionreports.com.

The study was funded by PGP Corp., a data security organization. It analyzed the data breaches experienced by 43 U.S. businesses in 17 industry sectors. The breaches involved the loss of anywhere from 4,000 records to more than 113,000 records. The average cost of a data breach was $202 per record in 2008 (up 2.5% from $197 per record in 2007). The cost of an average data breach was $4.7 million in 2006 and $6.3 million in 2007, and it rose to $6.6 million in 2008.

The costs included the costs of detecting and responding to the loss of data, as well as the administrative and legal expenses of a data breach. The cost of lost opportunity and possible customer defections were also included in arriving at the figures.

Larry Ponemon, Chairman of the Ponemon Institute, said that companies need to remain on guard or face losing valuable customers if a data breach were to occur.

The study comes a couple of weeks after Heartland Payment Systems (a processor of credit/debit/check transactions) disclosed the details of a network intrusion that resulted in the loss of millions of transaction details to online criminals. Just last week, Monster.com disclosed a data breach. In 2007, the retailer TJX revealed the loss of 46 million credit and debit card transaction details.

The study says that the Heartland data breach is likely to cost more than the TJX data theft.

Healthcare providers and financial service providers seem to be more likely to lose their customers as a result of a data breach. For them the cost of a data breach is $282 per record, compared to $131 for a retail record. About 90% of all data breaches are caused by negligence.

According to the Ponemon report, third-party providers are now more cost-effective in their response to data breach incidents.