The average data breach costs a UK business £1.7m, according to
privacy and information management research firm Ponemon
Institute.
An annual report sponsored by security firm
PGP Corporation estimates
that costs incurred by UK businesses after experiencing a data
breach rose from £1.4m in 2007 to £1.7m in 2008.
The "2008 Annual
Study: UK Cost of a Data Breach" report says, on average, each
lost customer record costs firms £60, a 28% increase on 2007's
figure of £47.
For the second year running, lost business due to reduced
consumer trust was the main contributor to overall data breach
costs.
The report focuses on the cost of activities resulting from
actual data loss incidents, as well as identifying the most
frequent causes and likely technology responses to a data
breach.
The magnitude of breach events included in the survey ranged
from 4,100 to more than 92,000 records.
The key findings in the report:
- The total cost of a data breach ranged from £160,000 to
£4.8m
- 53% of reported costs were due to lost business, suggesting
that the UK public cares deeply about the loss or theft of their
personal information
- 70% of all cases in this year's study involved insider
negligence, emphasising that more needs to be done to educate staff
on the importance of safeguarding information. Only 30% of
incidents involved malicious acts
- 33% of data breach cases in 2008's study resulted from
third-party errors. Data breaches involving data outsourced to
third parties are the most costly: £67 per victim, as opposed to
just £56 per victim when third parties were not involved
- Costs associated with detection, escalation, and ex-post
response (ie, communication from the customer after a breach) have
decreased slightly in 2008, suggesting that businesses are
improving their processes to uncover, manage and communicate data
breaches
Survey respondents identified encryption and identity and access
management systems as the top two technology responses following a
data breach.
Control practices and training and awareness programmes were
cited as the top two manual processes.
"In just the second year of this UK study, research proves UK
businesses continue to pay dearly for having a data breach," said
Larry Ponemon, chairman and founder of The Ponemon Institute. "As
costs only continue to rise, companies must remain on guard or face
losing valuable customers in this unpredictable economy."