Data Breach Costs Rising

04 February 2009

The average cost of data breaches is rising, according to a report from the Ponemon Institute, which says that lost business is the biggest expense for companies that have their data pilfered.

The Ponemon Report, 2008 Annual Study: Cost of a Data Breach, also revealed that data breaches as a result of outsourced functions had increased over previous years, and that first-time victims suffered greater costs than those that had already experienced a breach. The per-victim cost of a data breach for first-time victims was $243, compared to $192 for those who had suffered breaches in the past.

The 69% of data breach costs stemming from lost business was reflected in an increase in the average customer churn rate suffered by companies that were victims of data loss. The 2008 churn rate was 3.6%, up from 2.67% last year. The healthcare industry was the most affected, with a 6.5% churn rate, followed by finance at 5.5%.

The percentage of breaches attributable to third-party organisations such as contractors, customers, and outsourcers increased to 44% in 2008, up from 40% in 2007 and 29% in 2006.

"You not only have to deal with the systems and processes and people within your own four walls, but you must also get a third party whom you have no control over to change their systems, too," said John Dasher, product development manager at PGP, which sponsored the report. "As news of these breaches gets out, it will educate people that they need to ensure that the people with whom they're doing business have a security policy that's in line with their own."

Training and awareness programmes were the most commonly implemented measures in the wake of a data breach, followed by additional manual procedures and controls, expanded use of encryption, and identity and access management systems. The least common post-breach measure was the strengthening of perimeter controls (perhaps unsurprising given the rise in the percentage of third-party breaches). What was surprising was the relatively low number of organisations implementing data loss protection measures after suffering a breach. Just 37% of companies took this approach.

"We've always advocated that corporations need to take a step backward and look at the lifecycle of their data," said Dasher. "Developing that sort of a view is the only coherent way of coming up with a strategy for data protection."

The survey examined the experiences of 43 US companies across 17 different sectors that had suffered from data losses.

 
