Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/2/2009
08:43 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Cost Of Data Breaches Keeps Going Up

The costs associated with a data breach involving consumer records have been steadily rising, according to the Ponemon Institute's fourth annual study, Cost Of A Data Breach. The survey took a close look at 43 organizations that reported a breach in 2008 -- ranging from the loss of 4,200 records to more than 113,000.

The costs associated with a data breach involving consumer records have been steadily rising, according to the Ponemon Institute's fourth annual study, Cost Of A Data Breach. The survey took a close look at 43 organizations that reported a breach in 2008 -- ranging from the loss of 4,200 records to more than 113,000.The average total cost per incident reached $6.65 million last year, up from $6.3 million in 2007.

The costs include everything from the detection of the breach to consumer notification and response, as well as legal and administrative expenses, lost customers, lost sales, reputation management, and everything associated with providing help to the affected consumers through hot lines and credit-monitoring tools.

Here are some other findings from the release, available here.

  • Health care and financial services companies experienced the highest churn rate -- 6.5 percent and 5.5 percent respectively, on a total average of 3.6 percent, which reflect the sensitivity of the data collected and the customer expectation that information will be protected.
  • Third-party organizations accounted for more than 44 percent of all cases in the 2008 study and are also the most costly form of data breaches due to additional investigation and consulting fees.
  • More than 84 percent of 2008 cases involved organizations that had had more than one data breach in 2008 -- meaning that companies are becoming more experienced in managing breaches over time.
  • More than 88% of all cases in this year's study involved insider negligence.
  • More than half of respondents believe that training and awareness programs assist in preventing future breaches and 44 percent have expanded their use of encryption.
  • It's interesting to note that third parties accounted for 44% of all cases this year. Watch your outsourcers.

     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
    Comments
    Oldest First  |  Newest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 8/3/2020
    'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
    Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
    Average Cost of a Data Breach: $3.86 Million
    Jai Vijayan, Contributing Writer,  7/29/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-15109
    PUBLISHED: 2020-08-04
    In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the ship...
    CVE-2020-16847
    PUBLISHED: 2020-08-04
    Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
    CVE-2020-15135
    PUBLISHED: 2020-08-04
    save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
    CVE-2020-13522
    PUBLISHED: 2020-08-04
    An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.
    CVE-2020-15943
    PUBLISHED: 2020-08-04
    An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attack...