UK data breach costs rise for third year running - Ponemon Institute

This was, notes the report, an increase of 13% on 2009, and 18% on 2008, with hostile attacks accounting for 29% of all data breaches during 2010 - an increase on the 22% reported a year earlier.

Delving into the research reveals that the incident size ranged from 6,900 to 72,000 records, with the cost of each breach varying from £36,000 to £6.2 million.

The most expensive incident, says the Ponemon Institute, increased by £2.3 million compared to 2009.

According to the report, when a hostile attack is involved, the costs of a data breach are at their highest, at an average of £80 per record, up £4 on 2009.

The expenses associated with a data breach, says the research, range from detection, escalation, notification, and customer churn due to diminished trust.

Interestingly, system failure overtook the insider as the most common threat - to 37% of all cases involved a system failure, up 7 per cent a year earlier, and replacing negligence, which at 34% dropped 11 percentage points.

Encryption and other technologies, meanwhile, are gaining ground as post-breach remedies, with strengthening perimeter controls coming in third place.

75% of respondents to the report said they use endpoint security solutions after data breaches; this is up significantly from 59% in 2009.

Encryption, says the research, is the second most implemented preventive measure as a result of a data breach, with 70%. Strengthening perimeter controls came in at 69%.

Commenting on the report's findings, Dr. Larry Ponemon said that regulators are cracking down to ensure organisations implement required data security controls or face harsher penalties.

"Confronted with both malicious and non-malicious threats from inside and outside the organisation, companies must proactively implement policies and technologies to mitigate the risk of costly breaches", he noted.

The fourth annual Ponemon Cost of a Data Breach report - sponsored by Symantec - was based on the data breach experiences of 38 UK companies from 13 different industry sectors.

What’s Hot on Infosecurity Magazine?