Notification Laws Have a Dramatic Impact on Data Breach Costs
The Ponemon Institute calculated the average cost of a data breach globally at $3.43 million last year, the equivalent of $142 per compromised customer record. However, costs varied dramatically between regions, from $208 per lost record in the U.S., down to $98 per record in the UK. A total of 133 organizations, located in five countries - Australia, France, Germany, UK and U.S. - participated in the research, which was conducted in 2009.
The report reveals that costs incurred in countries with data breach notification laws were significantly higher than in countries where no such legislation exists. For example, in the U.S., where 46 states have now introduced laws forcing organizations to publicly disclose the details of breach incidents, the cost per lost record was 43 percent higher than the global average. In Germany, where equivalent laws were passed in July 2009, costs were second highest, at 25 percent above the worldwide average. In Australia, France and the UK, where data breach notification laws have not yet been introduced, costs were all below the average.
The report also looked at business lost as a result of a breach. Almost half (44 percent) of the incurred data loss expenses related to the cost of lost business, reflecting the added expense of consumer churn and the increased difficulty of attracting new customers in the wake of negative publicity. Again, costs varied dramatically between countries and were highest in the U.S., where the cost of lost business was on average equivalent to 66 percent of overall expenses, said the Ponemon Institute.
"Approaching the issue from a strategic perspective is the right way to go about addressing data breach," Ponemon told CSO. "You can't simply check compliance boxes, or throw technology at the issue and expect the problem will take care of itself. Instead, organizations must understand that technologies have to be part of a comprehensive strategy that takes into account the purpose for collecting data, policies for managing data throughout the entire lifecycle, enforcement of policies, training and awareness, and the development of contingency plans for when things go wrong, to name a few."
Please see: "Study: Cost of data breach in U.S. is highest world wide," by Joan Goodchild, Senior Editor, CSO, 28 April 2010