
Ponemon's 2007 Cost of a Breach Survey: Cost Per Compromised Record Rises to Almost $200

By Katherine Walsh

November 29, 2007 - CSO
Despite growing compliance requirements and increased state-by-state adoption of breach notification laws, the cost of a data breach continues to rise, according to The Ponemon Institute’s 2007 Annual Cost of a Data Breach study, sponsored by PGP and Vontu. Companies reported spending $197 per compromised record, an increase of 8 percent over last year.

The study examined the breach response activities of 35 companies known to have experienced a breach involving the loss of personal data during the year, according to John Dasher, director of product management at PGP. Those organizations spent an average of $6.3 million per breach. Sixty-five percent of that was attributed to lost business, compared to 54 percent in 2006, according to the study. That’s an average of $4.1 million, or $128 per compromised record, in business losses alone.

The number of customers who quit doing business with a company after a breach is partially to blame: In 2007, the churn rate attributed to a breach was 2.7 percent, as opposed to just over 2 percent the year before. That kind of turnover results in decreased revenues and higher costs associated with increased marketing to acquire new customers.

Breach incidents involving third-party organizations such as outsourcers, contractors, consultants and business partners are also on the rise. Forty percent of respondents reported breaches by third parties, an increase of 11 percent over last year. Such breaches are also more costly to the organization, averaging $231 compared to $171 per record. "That’s because they not only have to handle whatever problems they have behind their own four walls, but also have to work with their partner to help them fix their problems," says Dasher.

While data breaches cost more this year overall, some of the associated costs actually declined. Costs related to investigations, notification of impacted individuals and free credit monitoring decreased 15 percent over last year. Dasher thinks this is likely due to the fact that data breach response has matured. “It’s not so much because companies aren’t spending money in these areas, but that they are getting smarter about how they spend it.” Companies used to be all over the map with how they responded to a breach, says Dasher. Now, rather than e-mail, call and send registered mail to the customer, they may choose only one of those options to get the message across. The decrease may also be an indication that organizations are learning from past b
