There has been a sharp rise in the financial impact of hack attacks, with
new estimates putting the average cost of a data breach at $182 per compromised
record.
The figures, published in 'Ponemon 2006 Annual Study: Cost of a Data Breach',
represent a 31 per cent increase over 2005. Analyst firm the Ponemon Institute
analysed 31 different incidents for the study, which found that total costs for
each hack attack ranged from less than $1m to more than $22m.
The research, which was co-sponsored by the PGP Corporation, and Vontu,
tracks a wide range of cost factors, including legal, investigative, and
administrative expenses, as well as stock performance, customer defections,
opportunity loss, reputation management, and costs associated with customer
support such as information hotlines and credit monitoring subscriptions.
"The burden companies must bear as a result of a data breach are significant,
making a strong case for more strategic investments in preventative measures
such as encryption and data loss prevention," said Dr Larry Ponemon, chairman
and founder of The Ponemon Institute.
"Tough laws and intense public scrutiny mean the consequences of poor
security are steep – and growing steeper for companies entrusted with managing
stores of consumer data."
"Once again, the Ponemon survey illuminates the high costs companies will
incur for failing to protecting their customers' data," added Andrew Krcik, vice
president of marketing for PGP Corporation.
"The report shows companies must spend prodigiously to recover from data
breaches. In fact, 72 per cent of respondents indicated that the cause of the
data breach was because digital information was not properly protected."
A separate report recently issued by Vontu and The Ponemon Institute, 'US
Survey: Confidential Data At Risk', claims that companies do not have adequate
controls over the storage of sensitive or confidential data at rest. In that
study, 81 per cent of respondents reported that their organisations have
experienced one or more lost or missing laptop computers that contained
sensitive or confidential business information in the past 12-month period.
Do you agree?
Have your say on this article