All the latest UK technology news, reviews and analysis

Security breaches fall, but cost per incident rises

by Iain Thomson

More from this author

25 Jan 2010

Comment: 1

  • Tweet this
Data security
The number of successful attacks fell from 657 in 2008 to 498 in 2009

The number of corporate security breaches fell last year, but the cost of each incident is on the up, according to a new study by the Ponemon Institute.

The study of attacks in 15 different industries found that the average per-incident cost of a security breach was $6.75m (£4.16m) in 2009, compared to $6.65m (£4.1m) in 2008.

Further reading

A separate report from the Identity Theft Resource Center said that the number of successful attacks fell from 657 in 2008 to 498 in 2009.

"In the five years we have conducted this study, we have continued to see an increase in the cost to businesses of a data breach," said Dr Larry Ponemon, chairman and founder of the Ponemon Institute.

"With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach."

The fall in the number of attacks can be attributed to improved security practices, the study found, such as better staff training and awareness programmes. Another factor is the regular use of encryption, which was up 14 per cent to 54 per cent this year.

Nevertheless, the cost of a breach rose from $202 (£125) per compromised customer record in 2008 to $204 (£126) in 2009. Companies are also being hit by higher legal costs as a result of data loss.

The most expensive data breach in this year's study cost nearly $31m (£19m), and the least expensive $750,000 (£464,000).

"Customers are increasingly aware of, and expecting a secure level of protection and privacy for, the data they entrust to businesses," said Phillip Dunkelberger, president of PGP Corporation, which sponsored the study.

"Our study with the Ponemon Institute continues to demonstrate that companies whose data is not protected face expensive direct costs from cleaning up a data breach, and a loss in customer confidence that has long-lasting ramifications.

"A bright spot in this year's report illustrated that companies with chief security officer leadership had a lower cost of remediation following a breach. "

Do you agree?

Add your comment

Data breaches pose a real threat to organisations

The data from the Ponemon Institute once again serves as a stark reminder of the real world costs of lax data security. Failure to clamp down on data security has real and painful consequences for any organisation, regardless of whether it is a public or private sector body. Data breaches cost jobs, create catastrophic bad press and can have a painful impact on the bottom line. Coupled with the new powers of the Information Commissioner?s Office to fine companies in the UK upwards of £500,000 for each instance of a data protection failing, and the final cost of a breach or loss could very quickly dwarf the £4.1 million ($6.75 million) average per incident revealed in this year?s survey. The financial impact of the breaches examined in this report underline the growing value of data as a business asset. This survey revealed that the most expensive data breach event cost a company nearly £19 million to resolve, the cheapest being £463,000. In the previous survey, these figures were £3.8 million and £84,000 respectively ? a massive jump in just a year. This increase is a likely knock-on effect of two years of reduced headcount and focus around data governance among some organisations. This in turn has lead to information assets being lost, stolen and exploited due to a lack of oversight. Fortunately, as the report shows, investment is increasing as companies look to correct such oversights before they become systemic. In short - If you think the cost of data governance is expensive, look at the overall cost to a business of a data breach.

Posted by: Todd Chambers, chief marketing officer, Courion 26 Jan 2010

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

phishing-credit-card

Google moves to calm fears of Wallet attacks

Related white papers

Related articles

Related jobs

Today's top stories

ACTA protests took place across the globe

EP president condemns ACTA treaty as citizens protest across the globe

Google logo

Security patches cost Google $410,000 in finder's fees

Apple iPhone 4S

Apple stocks pass $500 as firm's financial success continues

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Technical Architect - Java / Oracle Coherence

Java / Oracle Coherence Technical / Solution Architect...

ASP.Net C# Developer

ASP.Net/C#/Web Development/Desktop Development/Winforms...

PL/SQL Developer

My Major client urgently requires an experienced contract...

Decision Systems Analyst

Decision Systems Analyst West Midlands £19-24,000 Are...

To send to more than one email address, simply separate each address with a comma.