Average Cost of a Corporate Data Breach $7.2 Million

Tuesday, March 08, 2011


The average cost of a corporate data breach reached $7.2 million in 2010, up from $6.8 million in 2009, according to the 2010 Annual Study: U.S. Cost of a Data Breach, conducted by the Ponemon Institute.

Negligence remains the leading cause of the costly events, followed by malicious attacks and system failure. Also of concern are revelations that several breaches may have been due to errors on the part of cloud service providers.

Key findings in the study include:

  • Rapid response to data breaches costs companies 54 percent more per record than a slower response. Forty-three percent of companies notified victims within one month of discovering the breach, up seven points from 2009. In 2010, these quick responders had a per-record cost of $268, up 22 percent from 2009; companies that took longer paid $174 per record, down 11 percent.
  • Malicious or criminal attacks are the most expensive and are on the rise. In this year’s study, 31 percent of all cases involved a malicious or criminal act, up seven points from 2009, and averaged $318 per record, up 43 percent from 2009.
  • Negligence remains the most common threat. The number of breaches caused by negligence edged up one point to 41 percent and averaged $196 per record, up 27 percent from 2009. This steady trend reflects the ongoing challenge of ensuring employee and partner compliance with security policies.
  • Companies are more vigilant about preventing system failures. System failure dropped nine points to 27 percent in 2010. This trend indicates organizations may be more conscientious in ensuring their systems can prevent and mitigate breaches through new security technologies and compliance with security policies and regulations.
  • Data breach costs have continued to rise. The average organizational cost of a data breach this year increased to $7.2 million, up seven percent from $6.8 million in 2009. Total breach costs have grown every year since 2006. Data breaches in 2010 cost companies an average of $214 per compromised record, up $10 (5 percent) from last year.
  • Encryption and other technologies are gaining ground as post-breach remedies, but training and awareness programs remain the most popular. Sixty-three percent of respondents use training and awareness programs after data breaches, down four points from 2009. Encryption is the second most implemented preventive measure as a result of a data breach, with 61 percent. Both encryption and data loss prevention (DLP) solutions have increased 17 percent since 2008.

The study was sponsored by Symantec, and the company recommends the following precautions be taken:

  • Assess risks by identifying and classifying confidential information
  • Educate employees on information protection policies and procedures, then hold them accountable
  • Deploy data loss prevention technologies which enable policy compliance and enforcement
  • Proactively encrypt laptops to minimize consequences of a lost device
  • Integrate information protection practices into business processes

Source: http://www.symantec.com/about/news/release/article.jsp?prid=20110308_01

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.