Third annual UK Ponemon study shows costs of data breaches

Breaking down the numbers reveals that the cost for data breaches came in at £69 per lost record for private organisations, and £59 for the public sector. The figures, says the Institute, were a 7% hike on 2008's average of £60 per customer record. And back in 2007 the cost per lost record stood at just £47.

Interestingly, the data breach report shows that lost business – due to reduced consumer trust – was the main contributor to this expense, making up £29 per record.

Whilst the financial impact of lost business is substantially lower for public bodies than for commercial firms, the study says that costs associated with detecting and escalating a breach – with notifying citizens and dealing with subsequent enquiries – are all substantially higher in the public sector, and are the principal contributors to the overall costs.

"This third annual study shows that the financial impact of data breaches is hitting UK organisations harder and harder each year", said Larry Ponemon, chairman and founder of The Ponemon Institute.

"In the commercial sector the costs associated with customer churn and attracting new customers are particularly acute, but our research suggests these firms are getting better at detection, remediation and customer communications", he added.

"However, these efficiencies aren't shared in the public sector, where the direct costs of a data breach are significantly higher. For example, the cost of notifying users that their records might have been compromised is more than four times higher for public organisations than for private firms."

The report, which focuses on the cost of activities resulting from real life data loss incidents occurring between May 2009 and January 2010, took in responses from 33 UK organisations.

Researchers found that data breach events involved between 5,200 and 60,000 personally identifiable information records, costing between £365,000 and £3.92m to manage, at an average of £1.68m.
