According to a survey by the Ponemon Institute, sponsored by PGP Corporation and Vontu Inc, the true cost of data breaches in 2006 was $182 per compromised record on average, a 31% increase over the 2005 figures. Furthermore, the results of the report, published today, reveal that the total cost of each data breach ranged from less than $1 million to more than $22 million.
‘Cost of a Data Breach: The Financial Impact of Data Loss Incidents 2006’ may not sound like ideal bedside reading material, but I would heartily recommend stuffing a copy under the pillow of every CEO, CTO and CFO in order to get them to wake up and smell the security coffee. The study examined all the financial consequences of data breaches involving consumers' personally identifiable information, although the Ponemon Institute only analyzed 31 different incidents from the 330 or so that have occurred since February 2005 according to the Privacy Rights Clearinghouse.
So what did the study actually study in those 31 incidents in order to come up with the bottom line figures? It tracked a wide range of cost factors, including legal, investigative, and administrative expenses, as well as stock performance, customer defections, opportunity loss, reputation management, and costs associated with customer support such as information hotlines and credit monitoring subscriptions.
The end result illustrates the high costs companies will incur for failing to protect their customers' data, with 72% of respondents indicating that the cause of the data breach was failure to properly protect digital information (well duh!). If you want to play the percentages, take a look at a recent report also from The Ponemon Institute and Vontu, ‘U.S. Survey: Confidential Data At Risk’, which saw 81 percent of respondents reporting that their organizations had experienced one or more lost or missing laptop computers that contained sensitive or confidential business information in the previous 12-month period.
Mind you, this does not surprise me in the least, considering yet another survey from Pointsec Mobile Technologies recently revealed that 40% of all mobile phones, PDAs and laptops left at airports over the summer will never be reclaimed by their owners – and that was just in the UK. The report went on to suggest that Heathrow Airport sends 730 lost and unclaimed laptops and 1460 mobile phones off to auction every year. A figure made all the more worrying when the same survey suggested that 25% of these had no security in place to protect the data stored at all!