Cost of data breaches keeps rising

Average total cost of breaches rose to US$6.3 million in 2007

Organizations that experience data breaches are paying more than ever to recover from the incidents and retain customers once the events become public knowledge, according to a new research report.

In its third annual study into the financial impact of data breaches, Ponemon Institute reports the episodes are costing an average of US$197 per lost or stolen customer record during 2007, a slight bump from the figure of US$182 per exposed record that it tracked one year ago, and a significant gain over the estimate of US$128 per record that the research firm published in its initial 2005 survey.

Based on interviews conducted with 35 organizations that experienced data incidents in the last year, the Ponemon study found the average total cost of the breaches rose to US$6.3 million in 2007, compared to an average of US$4.8 million in 2006.

The average number of records exposed in the breaches Ponemon studied was roughly 20,000 per incident, although among those organizations surveyed the incidents ranged from as few as 4,000 records to more than 125,000 records.

One of the issues driving the continued escalation of data breach remediation expenses, according to the research, is the estimated cost of lost business and so-called customer churn that results from notification of the episodes.

Ponemon said the impact of customer churn and the amount of money necessary to acquire new business grew to an average of US$128 per misplaced or stolen record in 2007, roughly a 30 percent increase over the figure of US$98 per record published in last year's study.

Among the other expenses facing organizations that suffer data incidents are monies spent to provide customer support and credit monitoring services to affected individuals, along with budgets allocated for advertising and marketing efforts aimed at repairing companies' public images.

However, while the cost of breaches has continued to rise, the research company contends that many organizations have improved their ability to react to the events.

Even those firms who have experienced repeated incidents seem to have woken up to the idea of planning ahead and trying to prepare for the situation, said Dr. Larry Ponemon, the research firm's founder and chairman.

"We're finding that organizations seem to be better prepared with response plans, especially those that have experienced more than one breach, which was more than half of the people we interviewed," Ponemon said. "Companies have found that some of the tactics they used several years ago to respond didn't work out like they had imagined, and they're trying to find the most effective ways to retain customers while driving down costs."

For instance, said Ponemon, many companies affected by breaches in prior years attempted to curry favor with their customers by handing out gift coupons for their products or services.

Those efforts didn't have the desired impact on the issue of customer turnover, while most of the coupons were eventually redeemed, driving related expenses even higher. As such, most organizations have abandoned the approach in favor of other tactics, including spending more money on recruiting new customers, he said.

Companies have also found that most customers do not utilize the credit monitoring services organizations frequently offer in the wake of a breach to help people monitor their records for potential fraud, the expert maintains. By scaling back those offers and spending more money on image control, organizations have been able to cut some costs, he said.

As a result, the average cost of notifying customers of a data breach actually dropped significantly -- or roughly 40 percent -- falling from US$25 per lost record one year ago to US$15 in 2007, according to the report -- which was co-sponsored by security vendors PGP and Vontu.

Another emerging area of focus for companies dealing with data breaches has been to force their business partners to do a better job of protecting their customer data.

Some 40 percent of those organizations interviewed attributed the cause of their incidents to third parties, such as contractors and consultants, representing a nearly 30 percent increase over 2006.

Join the PC World newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

InfoWorld

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?