Thursday, March 31, 2011

Wary Customers Shun Businesses After Data Breaches

Data breaches cost UK businesses more than ever last year, with most
of the financial hit resulting from lost business in the aftermath of
an incident, a Ponemon Institute survey for Symantec has found.

The average cost of a data breach for the 38 large businesses surveyed
in the 2010 Annual Study: UK Cost of a Data Breach was £1.9 million ($3.1
million), a 13 percent rise from 2009, equivalent to about £71 per
lost record.

Of this sum, 48 percent can be attributed to 'abnormal customer churn'
- customers that go elsewhere after hearing of the problem - while
communicating with customers and resetting records is another 23
percent. Non-commercial organisations such as those in the public
sector were found to suffer lower customer costs.

The most expensive breach uncovered by the survey cost a company £6.2
million to recover from, while the smallest cost £336,000, with the
number of records lost or stolen ranging from 6,900 to 72,000.

However representative a snapshot, Symantec and Ponemon describe the
breach cost numbers as giving a good idea of what it costs a typical
company to deal with large data breaches, defined as between 1,000 and
100,000 records.

The report presents the deeper causes of data breaches in a rather
convoluted manner (some causes can be related to more than one
category), although 'system breaches' (security failures inside a
company) are named as the top cause with a frequency of 37 percent of
incidents, with third parties and negligence accounting for 34 percent
each.

Malicious and criminal attacks account for 29 percent, but these are
not surprisingly the most expensive to clear up at £80 per record.

"We continue to see an increase in the costs to businesses suffering a
data breach," said Ponemon Institute founder, Dr. Larry Ponemon.
"Regulators are cracking down to ensure organisations implement
required data security controls or face harsher penalties. Confronted
with both malicious and non-malicious threats from inside and outside
the organisation, companies must proactively implement policies and
technologies to mitigate the risk of costly breaches."
