New Study Reveals Data Breach Costs

How costly is a data breach? That depends on where you live.

Symantec sponsored a study conducted by the Ponemon Institute that looks at such costs at 209 enterprises in eight countries: the U.S., UK, Germany, France, Australia, and, new this year, Italy, India, and Japan. Costs such as detection, escalation, notification, and post-breach responses were included, as were estimates of the “economic impact of lost or diminished customer trust and confidence as measured by customer turnover, or churn rates.”

The 2011 Global Cost of Data Breach report puts the cost at $194 per compromised record in the United States (down from $214 in the previous year’s report), the highest figure in the study. Germany came next at $191, unchanged from last year; India had the lowest cost, at $42 per compromised record.

It’s tough to track the cost of losing a customer, but Ponemon said its estimate put the U.S. at the top of the list, losing $3 million from customer churn; Germany was second (at $1.7 million), and India came in last, at $289,060.

Released in March but just now made available to the public, the report breaks down losses by industry, causes of breaches (negligent insiders and malicious attacks ranked highest), variations among countries (detection and escalation costs were most expensive in Germany and France), and organizational attributes and factors. One such factor caught my eye: data breaches were less costly at organizations with CISOs having “overall responsibility for enterprise data protection.”

A PDF version of the report, which is full of interesting facts and figures, is available for free download here.

-- James E. Powell
Editorial Director, ESJ

Posted on 07/23/2012