US data breach costs decline for first time in seven years

21 March 2012

The average organizational and per capita cost of a data breach in the US declined in 2011 for the first time in the seven years that the 'US Cost of a Data Breach Study' has been compiled.

Overall, the average organizational cost for an individual data breach declined to $5.5 million in 2011 – from $7.2 million in 2010 – a 24% drop. The average cost per record lost declined to $194 from $214 over the same period, a 10% decrease.

According to the '2011 U.S. Cost of Data Breach Study', negligent insiders were the top cause of data breaches, while malicious attacks were 25% more costly than other types of attacks.

The study, which is sponsored by Symantec and carried out by the Ponemon Institute, was derived from a detailed analysis of 49 data breach cases with a range of 4,500 to 98,000 affected records.

The study found organizations that employed a chief information security officer (CISO) with enterprise-wide responsibility for data protection reduced the cost of a data breach by 35% per compromised record.

“One of the most interesting findings of the 2011 report was the correlation between an organization having a CISO on its executive team and reduced costs of a data breach”, said Larry Ponemon, chairman and founder of the Ponemon Institute. “As organizations of all sizes battle an uptick in both internal and external threats, it makes sense that having the proper security leadership in place can help address these challenges.”

According to the study, detection and escalation costs declined from approximately $460,000 in 2010 to $433,000 in 2011. These costs cover the activities that enable a company to detect the breach and determine whether it occurred in storage or in motion.

In this year’s study, organizations that had their first ever data breach spent on average $37 more per record than those that had previous data breaches. Those that responded and notified customers too quickly without a thorough assessment of the data breach also paid an average of $33 more per record. Data breaches caused by third parties or a lost or stolen device increased the cost by $26 and $22, respectively.

For the first time, fewer customers are abandoning companies that have a data breach. However, certain industries are more susceptible to customer churn, which causes their data breach costs to be higher than the average. Taking steps to keep customers loyal and repair any damage to reputation and brand can help reduce the cost of a data breach, the study found.
