The 2006 average was $182 per compromised record, including the cost of detection, escalation, notification, and follow-up help to victims. The Ponemon Institute's 2005 study cited a figure of $132 per record.
Data breaches are expensive, averaging $4.7 million per incident, and they're becoming even more costly.
These are some of the findings of the Ponemon Institute's "2006 Cost of Data Breach Study," released today.
Based on 31 real data losses, the study finds a vast disparity in the financial impact of breaches and the amount spent on remediation. Given an average cost of $4.7 million per breach--an average loss of 26,000 records at a cost of $182 per record--companies spent only $180,000 on preventing future data losses. Of the $4.7 million cost, about $2.5 million reflects the cost of lost business.
The cost of losing data rose from 2005 to 2006. The 2006 average was $182 per compromised record. The Ponemon Institute's 2005 study cited a figure of $132 per record. These figures include the cost of detection, escalation, notification, and follow-up help to victims.
The study concludes that the "most salient costs result from the diminishment of confidence and trust in the company, which translates into abnormal or unexpected customer turnover. Our work supports the notion, 'an ounce of prevention is worth a pound of cure.'"
The study was sponsored by PGP Corporation and Vontu Corporation, security technology companies that stand to benefit from the findings if businesses decide to invest in an ounce of prevention.
The Ponemon Institute characterizes itself as an organization "dedicated to advancing responsible information and privacy management practices in business and government." To help meet those goals, Ponemon says it conducts "independent research and education that advances responsible information and privacy management practices within business and government."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.