Data breaches are expensive, averaging $4.7 million per incident, and they're becoming even more costly.
These are some of the findings of the Ponemon Institute's "2006 Cost of Data Breach Study," released today.
Based on 31 real data losses, the study finds a vast disparity in the financial impact of breaches and the amount spent on remediation. Given an average cost of $4.7 million per breach--an average loss of 26,000 records at a cost of $182 per record--companies spent only $180,000 on preventing future data losses. Of the $4.7 million cost, about $2.5 million reflects the cost of lost business.
The cost of losing data rose from 2005 to 2006. The 2006 average was $182 per compromised record. The Ponemon Institute's 2005 study cited a figure of $132 per record. These figures include the cost of detection, escalation, notification, and follow-up help to victims.
The study concludes that the "most salient costs result from the diminishment of confidence and trust in the company, which translates into abnormal or unexpected customer turnover. Our work supports the notion, 'an ounce of prevention is worth a pound of cure.'"
The study was sponsored by PGP Corporation and Vontu Corporation, security technology companies that stand to benefit from the findings if businesses decide to invest in an ounce of prevention.
The Ponemon Institute characterizes itself as an organization "dedicated to advancing responsible information and privacy management practices in business and government." To help meet those goals, Ponemon says it conducts "independent research and education that advances responsible information and privacy management practices within business and government."
Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio