Can your Company Afford a $6.6 Million Data Breach?
February 18, 2009 - A lost laptop was the cause of a data breach for more than one-third (35 percent) of the companies surveyed in the 2008 Ponemon Institute's fourth-annual "Cost of a Data Breach" study.
The average cost of a data breach rose 2.5 percent in 2008 to $202 per record, from $197 per record in 2007, according to the report, which is sponsored by PGP Corp.
In addition to lost laptops, "We found that another large group of companies lost information by virtue of other [portable] data-bearing devices," says Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "It could have even been a USB memory stick, a Treo, an iPhone. Mobile devices are basically the root cause to a lot of this cost that we've been studying over the years. And it seems to be on the increase, rather than decreasing. Especially as more of these devices are small and they're readily available and they're integrated into someone's work."
The study examines the costs incurred by 43 organizations after experiencing a data breach. Breaches included in the survey ranged from fewer than 4,200 records to more than 113,000 records from 17 different industry sectors.
The average total cost per reporting company was more than $6.6 million per breach (up from $6.3 million in 2007 and $4.7 million in 2006) and ranged from $613,000 to almost $32 million.
Employee negligence of all stripes accounts for the vast majority (88 percent) of all data breaches in the study, with the remaining 12 percent caused by malicious acts.Yet, the latter end up costing an organization $225 per record, compared with $199 per record when the cause is employee negligence.
The reason? A malicious breach "requires more resources, forensic resources, detection resources, and actually probably other legal defense issues that could add up and be much more costly for a company," says Ponemon.
Bottom Line Impact
Lost business continues to be the most costly effect of a breach, accounting for an average total of $4.59 million per breach, or $139 per record compromised. In 2008, lost business accounted for 69 percent of a data breach's costs, compared with 65 percent in 2007 and 54 percent in 2006.
Training and awareness programs lead companies' efforts to prevent future breaches, according to 53 percent of respondents. Nearly half (49 percent) are creating additional manual procedures and controls.
Of the technology options deployed to prevent future breaches, 44 percent of companies have expanded their use of encryption technologies, 40 percent increased their use of identity and access management solutions, 26 percent expanded their use of endpoint security solutions such as laptop anti-theft, and 16 percent strengthened the perimeter controls of their networks.
For the full article click here, to find out more about how data breaches can affect you, and why you should "beware the economic meltdown."
The average cost of a data breach rose 2.5 percent in 2008 to $202 per record, from $197 per record in 2007, according to the report, which is sponsored by PGP Corp.
In addition to lost laptops, "We found that another large group of companies lost information by virtue of other [portable] data-bearing devices," says Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "It could have even been a USB memory stick, a Treo, an iPhone. Mobile devices are basically the root cause to a lot of this cost that we've been studying over the years. And it seems to be on the increase, rather than decreasing. Especially as more of these devices are small and they're readily available and they're integrated into someone's work."
The study examines the costs incurred by 43 organizations after experiencing a data breach. Breaches included in the survey ranged from fewer than 4,200 records to more than 113,000 records from 17 different industry sectors.
The average total cost per reporting company was more than $6.6 million per breach (up from $6.3 million in 2007 and $4.7 million in 2006) and ranged from $613,000 to almost $32 million.
Employee negligence of all stripes accounts for the vast majority (88 percent) of all data breaches in the study, with the remaining 12 percent caused by malicious acts.Yet, the latter end up costing an organization $225 per record, compared with $199 per record when the cause is employee negligence.
The reason? A malicious breach "requires more resources, forensic resources, detection resources, and actually probably other legal defense issues that could add up and be much more costly for a company," says Ponemon.
Bottom Line Impact
Lost business continues to be the most costly effect of a breach, accounting for an average total of $4.59 million per breach, or $139 per record compromised. In 2008, lost business accounted for 69 percent of a data breach's costs, compared with 65 percent in 2007 and 54 percent in 2006.
Training and awareness programs lead companies' efforts to prevent future breaches, according to 53 percent of respondents. Nearly half (49 percent) are creating additional manual procedures and controls.
Of the technology options deployed to prevent future breaches, 44 percent of companies have expanded their use of encryption technologies, 40 percent increased their use of identity and access management solutions, 26 percent expanded their use of endpoint security solutions such as laptop anti-theft, and 16 percent strengthened the perimeter controls of their networks.
For the full article click here, to find out more about how data breaches can affect you, and why you should "beware the economic meltdown."