According to the study, sponsored by security company PGP. U.S. companies incur costs averaging $204 per compromised record. In Germany, where disclosure and other regulations are being strengthened, the average cost is $177; in the U.K., whose regulations are relatively lax (so far; this will change in the next year or two) the cost is under $100 per record.
Globally, the average cost per record is $143.
As Germany's figures show, the cost of breaches increases along with the reach of legislation and regulation.
How much of an increase? Check this out: Ponemon reports that between 2005 and 2009 the average company cost of a breach incident rose from 4.5 million to 6.65 million.
Stricter regulation, and concerns about being in violation of those regulations following a breach, may lead some companies to over-spend on notifications, alerting all customers of a possible breach, when only a limited number of records were actually compromised.
Not that avoiding notification is any kind of solution. As a Ponemon executive pointed out, bluntly, non-disclosure is "against the law."
The challenge is balancing the degree and speed of notification against the degree of understanding and awareness of the breach's severity, and how that severity affects notification procedures.
The 2009 Cost Of A Data Breach report can be downloaded here (registration required).