All the latest UK technology news, reviews and analysis
|
|
|
25 Jan 2010
The number of corporate security breaches fell last year, but the cost of each incident is on the up, according to a new study by the Ponemon Institute.
The study of attacks in 15 different industries found that the average per-incident cost of a security breach was $6.75m (£4.16m) in 2009, compared to $6.65m (£4.1m) in 2008.
A separate report from the Identity Theft Resource Center said that the number of successful attacks fell from 657 in 2008 to 498 in 2009.
"In the five years we have conducted this study, we have continued to see an increase in the cost to businesses of a data breach," said Dr Larry Ponemon, chairman and founder of the Ponemon Institute.
"With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach."
The fall in the number of attacks can be attributed to improved security practices, the study found, such as better staff training and awareness programmes. Another factor is the regular use of encryption, which was up 14 per cent to 54 per cent this year.
Nevertheless, the cost of a breach rose from $202 (£125) per compromised customer record in 2008 to $204 (£126) in 2009. Companies are also being hit by higher legal costs as a result of data loss.
The most expensive data breach in this year's study cost nearly $31m (£19m), and the least expensive $750,000 (£464,000).
"Customers are increasingly aware of, and expecting a secure level of protection and privacy for, the data they entrust to businesses," said Phillip Dunkelberger, president of PGP Corporation, which sponsored the study.
"Our study with the Ponemon Institute continues to demonstrate that companies whose data is not protected face expensive direct costs from cleaning up a data breach, and a loss in customer confidence that has long-lasting ramifications.
"A bright spot in this year's report illustrated that companies with chief security officer leadership had a lower cost of remediation following a breach. "
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
Our highly successful client urgently requires Senior...
Our highly successful client urgently requires Senior...
Our highly successful client urgently requires Senior...
Our client, a highly successful and currently market...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Data breaches pose a real threat to organisations
The data from the Ponemon Institute once again serves as a stark reminder of the real world costs of lax data security. Failure to clamp down on data security has real and painful consequences for any organisation, regardless of whether it is a public or private sector body. Data breaches cost jobs, create catastrophic bad press and can have a painful impact on the bottom line. Coupled with the new powers of the Information Commissioner?s Office to fine companies in the UK upwards of £500,000 for each instance of a data protection failing, and the final cost of a breach or loss could very quickly dwarf the £4.1 million ($6.75 million) average per incident revealed in this year?s survey. The financial impact of the breaches examined in this report underline the growing value of data as a business asset. This survey revealed that the most expensive data breach event cost a company nearly £19 million to resolve, the cheapest being £463,000. In the previous survey, these figures were £3.8 million and £84,000 respectively ? a massive jump in just a year. This increase is a likely knock-on effect of two years of reduced headcount and focus around data governance among some organisations. This in turn has lead to information assets being lost, stolen and exploited due to a lack of oversight. Fortunately, as the report shows, investment is increasing as companies look to correct such oversights before they become systemic. In short - If you think the cost of data governance is expensive, look at the overall cost to a business of a data breach.
Posted by: Todd Chambers, chief marketing officer, Courion 26 Jan 2010