The average data breach costs a UK business £1.7m, according to privacy and information management research firm Ponemon Institute.
An annual report sponsored by security firm PGP Corporation estimates that the costs incurred by UK businesses after experiencing a data breach rose from £1.4m in 2007 to £1.7m in 2008.
The "2008 Annual Study: UK Cost of a Data Breach" report says, on average, each lost customer record costs firms £60, a 28% increase on 2007's figure of £47.
For the second year running, lost business due to reduced consumer trust was the main contributor to overall data breach costs.
The report focuses on the cost of activities resulting from actual data loss incidents, as well as identifying the most frequent causes and likely technology responses to a data breach.
The magnitude of breach events included in the survey ranged from 4,100 to more than 92,000 records.
The key findings in the report:
- The total cost of a data breach ranged from £160,000 to £4.8m
- 53% of reported costs were due to lost business, suggesting that the UK public cares deeply about the loss or theft of their personal information
- 70% of all cases in this year's study involved insider negligence, emphasising that more needs to be done to educate staff on the importance of safeguarding information. Only 30% of incidents involved malicious acts
- 33% of data breach cases in 2008's study resulted from third-party errors. Data breaches involving data outsourced to third parties are the most costly - £67 per victim, as opposed to just £56 per victim when third parties were not involved
- Costs associated with detection, escalation, and ex-post response (ie, communication from the customer after a breach) have decreased slightly in 2008, suggesting that businesses are improving their processes to uncover, manage and communicate data breaches
Survey respondents identified encryption and identity and access management systems as the top two technology responses following a data breach.
Control practices and training and awareness programmes were cited as the top two manual processes.
"In just the second year of this UK study, research proves UK businesses continue to pay dearly for having a data breach," said Larry Ponemon, chairman and founder of The Ponemon Institute. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy."