Risk
4/29/2010
11:47 AM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Data Breaches More Costly In U.S. Than Elsewhere

Data breaches cost U.S. companies twice as much as they do in other countries, according to a new Ponemon Institute study. Which adds up to twice as many reasons not to get breached!

Data breaches cost U.S. companies twice as much as they do in other countries, according to a new Ponemon Institute study. Which adds up to twice as many reasons not to get breached!The array of regulations, laws and disclosure requirements that come into play when company data is breached have raised the cost of those breaches higher in the U.S. than Europe, a new global study from the Ponemon Institute shows.

According to the study, sponsored by security company PGP. U.S. companies incur costs averaging $204 per compromised record. In Germany, where disclosure and other regulations are being strengthened, the average cost is $177; in the U.K., whose regulations are relatively lax (so far; this will change in the next year or two) the cost is under $100 per record.

Globally, the average cost per record is $143.

As Germany's figures show, the cost of breaches increases along with the reach of legislation and regulation.

How much of an increase? Check this out: Ponemon reports that between 2005 and 2009 the average company cost of a breach incident rose from 4.5 million to 6.65 million.

Stricter regulation, and concerns about being in violation of those regulations following a breach, may lead some companies to over-spend on notifications, alerting all customers of a possible breach, when only a limited number of records were actually compromised.

Not that avoiding notification is any kind of solution. As a Ponemon executive pointed out, bluntly, non-disclosure is "against the law."

The challenge is balancing the degree and speed of notification against the degree of understanding and awareness of the breach's severity, and how that severity affects notification procedures.

The 2009 Cost Of A Data Breach report can be downloaded here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

CVE-2015-0802
Published: 2015-04-01
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a p...

CVE-2015-0803
Published: 2015-04-01
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) ...

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.