2007 Data Breach Survey

The Ponemon Institute has concluded this year that “data breach incidents cost companies $197 per compromised customer record in 2007, compared to $182 in 2006.” This data is reported in the document titled “2007 Annual Study: U.S. Cost of a Data Breach” and can be downloaded from the link at the end of this blog.

Interestingly, over 70% of that amount is reported as being down to lost business; the remainder is attributed to detection and escalation, incident response, and notifications. Causes of the breaches are pretty much in line with what I reported on this blog a few days ago. Namely:

  • Lost laptop or other device (49%)
  • Third party or outsourcer (16%)
  • Paper records (9%)
  • Malicious insider (9%)
  • Electronic backup (7%)
  • Hacked systems (5%)
  • Malicious code (4%)
  • Undisclosed (2%)

Most interesting of all is the following fact:

Since 2005, the percentage of incidents where a third party such as an outsourcer or consultant was responsible for a data breach has increased from 21 percent in 2005 to 40 percent in 2007.

This is wholly consistent with the fact that more businesses are putting more of their data out to third parties to manage. This figure is going to increase. Remember, you can’t outsource responsibility for security. It doesn’t matter where your data gets breached, it’s your fault.

The report concludes with some words worth heeding:

Trust may be intangible and hard to quantify, but the result of breaking that trust is clear as the cost of lost business grew more than 30 percent since 2006.

Download the full report here: http://download.pgp.com/pdfs/Ponemon_COB-2007_US_071127_F.pdf