Other costs include reputation fixes and customer support in the form of information hotlines and credit monitoring subscription for victims, according to a new survey.
Losing customer data cost companies more this year than last.
According to a study conducted by the Ponemon Institute, an independent information practices research group, data breaches cost businesses an average of $197 per customer record in 2007, up from $182 in 2006.
The average total cost for a data breach in 2007 was $6.3 million, up from $4.8 million in 2006.
The study suggests that lost data translates to lost business opportunity. This mainly comes in the form of customer churn and customer acquisition costs, which rose from $98 per record in 2006 to $128 in 2007 -- a 30% increase.
Other costs include reputation management and customer support costs such as information hotlines and credit monitoring subscription for victims.
"In the past, there hasn't been the evidence to say that people are losing customers due to a breach," said John Dasher, director of product management for encryption technology company PGP Corporation. "I think that's changing."
Dasher attributes this to greater awareness of security issues and less tolerance of security issues on the part of the public.
The study found outsourcing to be a significant and growing source of risk. Breaches attributable to third-party organizations -- outsourcers, contractors, consultants, and partners -- were reported by 40 percent of respondents, an increase of 29% from 2006.
And in such cases, the breaches were more expensive, costing companies an average of $231 per customer record lost, compared to $171 when no third-party was responsible.
"If you outsource [and there's a data breach], your costs are more than if you didn't," said Dasher, who sees this as a consequence of IT trying to do more with less. "The outsourcers themselves appear to not be immune to poor security practices."
Legal costs associated with data breaches and public relations costs rose 8% and 3% respectively of total breach costs, according to the study.
The study indicates that laptops, thumb drives and mobile devices account for 49% of all breaches in the 2007 sample. About 18% of data breach incidents were attributable to a malicious attack (a virus or spyware, for example) or a malicious insider.
The study's findings aren't all bad news: The cost of data breach notification dropped by 15%. Dasher attributes this to organizations being more focused in their response.
PGP Corporation and data loss protection company Vontu (recently acquired by Symantec) sponsored the study. Both companies make products designed to mitigate data breach risks.
The study is based on analysis of 35 data breach incidents in the U.S. which range in scope from losses of fewer than 4,000 records to more than 125,000 records.
More than 216 million customer records have been exposed or lost in data breaches since 2005, according to Privacy Rights Clearinghouse, a privacy advocacy organization.
In late October, the U.K. government acknowledged losing data on more than 25 million of its citizens.
The Ponemon Institute plans to release a study of U.K. data breaches in January.
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!