The costs associated with a data breach involving consumer records have been steadily rising, according to the Ponemon Institute's fourth annual study, Cost Of A Data Breach. The survey took a close look at 43 organizations that reported a breach in 2008 -- ranging from the loss of 4,200 records to more than 113,000.The average total cost per incident reached $6.65 million last year, up from $6.3 million in 2007.
The costs include everything from the detection of the breach to consumer notification and response, as well as legal and administrative expenses, lost customers, lost sales, reputation management, and everything associated with providing help to the affected consumers through hot lines and credit-monitoring tools.
Here are some other findings from the release, available here.
Health care and financial services companies experienced the highest churn rate -- 6.5 percent and 5.5 percent respectively, on a total average of 3.6 percent, which reflect the sensitivity of the data collected and the customer expectation that information will be protected. Third-party organizations accounted for more than 44 percent of all cases in the 2008 study and are also the most costly form of data breaches due to additional investigation and consulting fees. More than 84 percent of 2008 cases involved organizations that had had more than one data breach in 2008 -- meaning that companies are becoming more experienced in managing breaches over time. More than 88% of all cases in this year's study involved insider negligence. More than half of respondents believe that training and awareness programs assist in preventing future breaches and 44 percent have expanded their use of encryption.
It's interesting to note that third parties accounted for 44% of all cases this year. Watch your outsourcers.