The costs of data breaches rose in 2008 to $6.6 million per incident, despite companies' improvement in handling the incidents, according to a study published by the Ponemon Institute on Monday.
The study (registration required), funded by data security firm PGP Corp., analyzed the actual data breaches experienced by 43 U.S. companies in 17 different industry sectors, involving anywhere from about 4,200 records to more than 113,000 records. The researchers found that the average costs of data breaches increased about 2.5 percent to $202 per record in 2008, up from $197 per record in 2007 and $182 per record in 2006. The average breach cost a company $6.6 million in 2008, up from $6.3 million in 2007 and $4.7 million in 2006, the study stated.
Costs included the costs of detecting and responding to the loss of data, along with legal and administrative expenses, customer defections and opportunity loss.
"After four years of conducting this study, one thing remains constant, U.S. businesses continue to pay dearly for having a data breach," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy."
The study comes two weeks after Heartland Payment Systems — a processor of credit, debit and check transactions — disclosed the initial details of a network intrusion that resulted in millions of transaction details, such as account numbers and card details, being stolen by online criminals. Last week, jobs site Monster.com revealed some details of its second data breach in as many years. And, in 2007, retail giant TJXrevealed that 46 million credit- and debit-card transactions had been stolen, an estimate that details in one lawsuit doubled to nearly 100 million.
According to the Ponemon Institute's study, the Heartland breach will likely be more costly than the theft of data from TJX. Financial services and healthcare companies were more likely to lose customers as a result of a data breach, raising the cost of the average breach to $282 per record, compared to $131 per record for a retail incident. Nearly 90 percent of all data breaches involved negligence, the company said.
While legal fees and customer losses moved breach costs higher, companies reduced the costs of dealing with breaches, signaling that firms and their third-party providers are becoming more cost effective in responding to data breaches, the Ponemon Institute stated in the report.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos