The average cost of a single lost record is £60, according to
research conducted by privacy research firm The Ponemon Institute on
behalf of encryption company PGP Corporation. Last year's research
results showed that the cost per record was £47.
The research examined the circumstances of 30 UK data breaches,
looking at both the causes and the costs of incidents. It found that
53% of the costs that companies reported were due to lost business.
"[This suggests] that the UK public cares deeply about the loss or
theft of their personal information," said a PGP statement.
"The total cost of a data breach ranged from £160k to £4.8
million, with an average cost of £60 per customer record," it
said.
The research found that just 30% of breaches were down to acts
of malice, but the fact that the other 70% of incidents were down
to insider negligence should encourage companies to take action, it
found. "More needs to be done to educate staff on the importance of
safeguarding information," said PGP.
The most expensive data breaches are those resulting from action
by third parties to whom data processing has been outsourced. These
cost organisations £67 per record rather than £56 per record when no
third party was involved. The range of the cost of a data breach
was £160,000 to £4.8 million, the research found.
“2008 saw no slow down to the stream of data breaches started in
2007 – if anything they’ve gotten bigger and more costly,” said
Phil Dunkelberger, chief executive of PGP. “In this current
climate, organisations are taking desperate measures to preserve
their reputation and retain customers; this study shows they simply
cannot afford to lose out to competitors as a result of poor data
security.”
The Ponemon survey found that breaches were less costly in the
UK than in the US, where they cost $202 per lost record. It found
that the average total cost of a breach in the US is $6.65
million.
Other evidence has emerged that the frequency, as well as the
cost, of data breaches is on the increase. Jon Oltsik, an analyst
at research company Enterprise Strategy Group, wrote at technology
site CNET News that his firm has said that the number of firms
reporting breaches has jumped from 30% in previous years to 56%
for 2008.
"Armed with data from several years of surveys, I think it is
safe to assume that things are getting worse, not better," he
wrote. "Sensitive data continues to flow throughout the enterprise,
ending up in e-mails and IMs, laptops, and thumb drives, and into
the hands of malicious or careless employees--an uphill battle
indeed."