Privacy and information management research firm the
Ponemon Institute says the average total cost to UK companies of a
single data breach incident is more than £1.4m.
Ponemon's 2007 Annual Study: UK Cost of a Data Breach report
says the financial impact of lost business due to reduced consumer
trust is the most significant component of data breach costs.
This first annual UK study was sponsored by PGP Corporation and
Symantec. The report focuses on the cost of activities resulting
from actual data-loss incidents, as well as identifying the most
frequent causes and likely technology responses to a data
breach.
Breaches included in the survey ranged from 2,500 records to
more than 125,000 records, from 21 UK businesses spanning eight
different industry sectors.
The average total cost of a data breach ranged from £84,000 to
almost £3.8 million, with an average of £47 per record
compromised.
From this, 36% of reported costs were due to lost business, with
an abnormal customer churn rate of 2.5% after a breach.
The cost of a data breach for financial services organisations
was more than 17% higher than average, at £55 per record
compromised.
The survey found that 38% of respondents reported breaches by
third-party organisations, such as outsourcers, consultants and
business partners, at a significantly higher cost per record
compromised.
And 36% of data breaches resulted from lost and stolen laptops
or other mobile devices.
Survey respondents identified encryption and data loss
prevention solutions as the top two technology responses following
a data breach.
Larry Ponemon, chairman of the Ponemon Institute, said,
"Businesses and government in the UK are just now coming to realise
the impact a data breach can have on an organisation and its
customers, similar to developments in the US five years ago when
data breaches first became headline news."