View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
February 2, 2009

Breach costs on the up

Data loss means lost customers: Study

By CBR Staff Writer

Businesses that lose sensitive data in an accidental or malicious security breach stand to lose up to 6% of their customer base and as much as $6 milllion in incident bills, fresh evidence has suggested.

In its annual US data breach cost study, the Ponemon privacy and information management research institute reported that for 43 data breaches it studied it found the average per-incident cost ran to $6.65 million in 2008.

That figure is up by around 5% on its year-ago calculations.

Most of those costs can be attributed to consequential business loss, as angry or disaffected customers abandon companies who they believe have been careless with the personal, financial and confidential information they hold on them. 

Dr Larry Ponemon, chairman and founder of the Ponemon Institute said, As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy.

The study tracks a wide range of cost factors, including the outlays for detection, escalation, notification and response along with legal, investigative and administrative expenses, and costs associated with customer support such as information hotlines and credit monitoring subscriptions.

But it is customer defections, opportunity loss and reputation damage that led to the largest losses.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Overall, the costs ran to $202 per compromised customer record in 2008, compared to $197 in 2007, according to Ponemon.

It is company employees and not cyber thieves that are the biggest culprit, with the data revealing that more than 88% of all cases in this year’s study can be attributed to some kind of insider negligence.

Bank breaches were found to be more costly than average, with as many as 5.5% of customers typically abandoning a financial services company that has experienced a breach, although it is organisations in the US healthcare industry that show the highest cost of lost business.

The review, which is funded by PGP Corp, found that breach incident costs ranged from more than $613,000 per breach to nearly $32 million.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU