Risk
4/29/2010
11:47 AM
Keith Ferrell
Keith Ferrell
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Data Breaches More Costly In U.S. Than Elsewhere

Data breaches cost U.S. companies twice as much as they do in other countries, according to a new Ponemon Institute study. Which adds up to twice as many reasons not to get breached!

Data breaches cost U.S. companies twice as much as they do in other countries, according to a new Ponemon Institute study. Which adds up to twice as many reasons not to get breached!The array of regulations, laws and disclosure requirements that come into play when company data is breached have raised the cost of those breaches higher in the U.S. than Europe, a new global study from the Ponemon Institute shows.

According to the study, sponsored by security company PGP. U.S. companies incur costs averaging $204 per compromised record. In Germany, where disclosure and other regulations are being strengthened, the average cost is $177; in the U.K., whose regulations are relatively lax (so far; this will change in the next year or two) the cost is under $100 per record.

Globally, the average cost per record is $143.

As Germany's figures show, the cost of breaches increases along with the reach of legislation and regulation.

How much of an increase? Check this out: Ponemon reports that between 2005 and 2009 the average company cost of a breach incident rose from 4.5 million to 6.65 million.

Stricter regulation, and concerns about being in violation of those regulations following a breach, may lead some companies to over-spend on notifications, alerting all customers of a possible breach, when only a limited number of records were actually compromised.

Not that avoiding notification is any kind of solution. As a Ponemon executive pointed out, bluntly, non-disclosure is "against the law."

The challenge is balancing the degree and speed of notification against the degree of understanding and awareness of the breach's severity, and how that severity affects notification procedures.

The 2009 Cost Of A Data Breach report can be downloaded here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3621
Published: 2014-10-02
The catalog url replacement in Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

CVE-2014-6242
Published: 2014-10-02
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged usi...

CVE-2014-6414
Published: 2014-10-02
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.

CVE-2014-6856
Published: 2014-10-02
The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6857
Published: 2014-10-02
The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.