Cost of a Data Breach
If confidential or personal data is lost, stolen, or compromised, organizations are required by law in many states to notify the affected individuals of the loss. As of 2007, this includes at least 35 U.S. states. Additionally, the U.S. Senate and House of Representatives are reviewing federal laws regarding data privacy and breach notification. In November, the Ponemon Institute published an interesting study summarizing the actual costs incurred by 35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals. Because this is the third year of the study, noteworthy year-over-year data is becoming available.
Key Study Findings
Total Costs Increase: The total average cost of a data breach grew to US$197 per record compromised, an increase of 8 percent since 2006 and 43 percent compared to 2005. The average total cost per reporting company was more than US$6.3 million per breach and ranged from US$225,000 to almost US$35 million.
Cost of Lost Business Accelerates: The cost of lost business continued to increase at more than 30 percent, averaging US$4.1 million or US$128 per record compromised. Lost business now accounts for 65 percent of data breach costs compared to 54 percent in the 2006 study.
Third-Party Data Breaches Increase, and Cost More: Breaches by third-party organizations such as outsourcers, contractors, consultants, and business partners were reported by 40 percent of respondents, up from 29 percent in 2006 and 21 percent in 2005. Breaches by third parties were also more costly than breaches by the enterprise itself, averaging US$231 compared to US$171 per record.
Other Data Breach Costs Decrease, As Response to Breaches Matures: Other costs associated with a data breach decreased 15 percent from 2006. The costs include investigations, notification of impacted individuals, and services such as offering free credit monitoring. This decrease appears to indicate that organizations are learning from past breach responses and are being more measured in their response, for example by offering fewer free services.
Encryption and Data Loss Prevention Use Increase Following a Breach: Encryption and data loss prevention (DLP) solutions were the top two technology responses following a data breach. This finding indicates that organizations increasingly understand the benefits of enterprise data protection in securing data wherever it is stored or used.
The study clearly shows that data breach costs continue to rise and notes that these costs have increased more than 43 percent since 2005. Data breaches represent a significant risk to organizations of all sizes and industries, and Ponemon's annual study, which is sponsored by PGP Corporation and Vontu, Inc., offers convincing evidence of this. SJ/TMP