Cost of data breaches rises
Survey finds the average cost of data breaches to UK firms rose more than a fifth last year
The cost of data breaches to UK firms spiralled last year as insider negligence cost companies millions of pounds in lost business, research has found.
The 2008 Annual Study: UK Cost of a Data Breach report was conducted by research firm the Ponemon Institute and sponsored by data protection firm PGP Corporation. It examined the cost of data breaches at 30 UK firms across 10 different industries over the course of last year.
The number of records compromised ranged from 4,100 in one instance to more than 92,000 in another, with costs ranging from £160,000 to £4.8m. The average cost per breach was £1.7m, a 21 per cent increase on 2007 while each compromised customer record cost an average £60, a 28 per cent hike.
Business lost as a result of a deterioration in customer trust was the most costly effect of data breaches, accounting for 53 per cent of reported costs. Seven in 10 breaches were caused by negligence with only 30 per cent involving purposeful maliciousness.
Dr Larry Ponemon, founder of the Ponemon Institute, said: "In just the second year of this UK study, research proves businesses continue to pay dearly for having a data breach. As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy."
A third of breaches resulted from third-party errors and those involving outsourced data were the most costly with an average loss of £67 per customer. Costs associated with detecting and responding to breaches declined slightly in 2008, which the survey claims can be attributed to improved firms improving their processes.
Encryption and identity and access management tools were singled out by respondents as the top two technologies in dealing with data breaches. Control practices and training and awareness initiatives were cited as businesses preferred manual methods.
PGP chief executive Phil Dunkelberger added: “2008 saw no slow down to the stream of data breaches started in 2007; if anything they have got bigger and more costly. In this current climate, organisations are taking desperate measures to preserve their reputation and retain customers; this study shows they simply cannot afford to lose out to competitors as a result of poor data security.”