/v3-uk/news/1951089/security-breaches-fall-cost-incident-rises
25 Jan 2010, Iain Thomson, V3
The number of corporate security breaches fell last year, but the cost of each incident is on the up, according to a new study by the Ponemon Institute.
The study of attacks in 15 different industries found that the average per-incident cost of a security breach was $6.75m (£4.16m) in 2009, compared to $6.65m (£4.1m) in 2008.
A separate report from the Identity Theft Resource Center said that the number of successful attacks fell from 657 in 2008 to 498 in 2009.
"In the five years we have conducted this study, we have continued to see an increase in the cost to businesses of a data breach," said Dr Larry Ponemon, chairman and founder of the Ponemon Institute.
"With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach."
The fall in the number of attacks can be attributed to improved security practices, the study found, such as better staff training and awareness programmes. Another factor is the regular use of encryption, which was up 14 per cent to 54 per cent this year.
Nevertheless, the cost of a breach rose from $202 (£125) per compromised customer record in 2008 to $204 (£126) in 2009. Companies are also being hit by higher legal costs as a result of data loss.
The most expensive data breach in this year's study cost nearly $31m (£19m), and the least expensive $750,000 (£464,000).
"Customers are increasingly aware of, and expecting a secure level of protection and privacy for, the data they entrust to businesses," said Phillip Dunkelberger, president of PGP Corporation, which sponsored the study.
"Our study with the Ponemon Institute continues to demonstrate that companies whose data is not protected face expensive direct costs from cleaning up a data breach, and a loss in customer confidence that has long-lasting ramifications.
"A bright spot in this year's report illustrated that companies with chief security officer leadership had a lower cost of remediation following a breach."
Data breaches pose a real threat to organisations
The data from the Ponemon Institute once again serves as a stark reminder of the real world costs of lax data security.
Failure to clamp down on data security has real and painful consequences for any organisation, regardless of whether it is a public or private sector body. Data breaches cost jobs, create catastrophic bad press and can have a painful impact on the bottom line.
Coupled with the new powers of the Information Commissioner's Office to fine companies in the UK upwards of £500,000 for each instance of a data protection failing, and the final cost of a breach or loss could very quickly dwarf the £4.1 million ($6.75 million) average per incident revealed in this year's survey.
The financial impact of the breaches examined in this report underlines the growing value of data as a business asset. This survey revealed that the most expensive data breach event cost a company nearly £19 million to resolve, the cheapest being £463,000. In the previous survey, these figures were £3.8 million and £84,000 respectively - a massive jump in just a year.
This increase is a likely knock-on effect of two years of reduced headcount and focus around data governance among some organisations. This in turn has led to information assets being lost, stolen and exploited due to a lack of oversight. Fortunately, as the report shows, investment is increasing as companies look to correct such oversights before they become systemic.
In short - If you think the cost of data governance is expensive, look at the overall cost to a business of a data breach.
Posted by Todd Chambers, chief marketing officer, Courion, 26 Jan 2010