According to two studies conducted by the Ponemon Institute and distributed by PGP Corp., almost 20 percent of customers immediately terminated their accounts with vendors that lost their information. An additional 40 percent considered termination. Companies participating in a parallel study estimated incurring an average cost of $14 million per breach incident, with costs ranging as high as $50 million.
The first survey – "Lost Customer Information: What Does a Data Breach Cost Companies?" covers 14 separate incidents, collectively representing 1.4 million compromised data records and almost $200 million in total costs. The study concluded that the average spending resulting from a single data breach was $5 million, while reported costs ranged as high as $50 million for an insurance company. The average total recovery cost was estimated at $140 per lost customer record, while the average loss was 2.5 percent of all customers.
Total cost estimates include the actual cost of internal investigations, outside legal defense fees, notification and call center costs, public investor relations efforts, discounted services offered, lost employee productivity and the effect of lost customers. The related survey – "National Survey on Data Security Breach Notification" – reports results from 9,000 consumers, 12 percent of whom had received notifications of information mishandling. When extrapolated to the U.S. population, an estimated 23 million consumers have received such notices. Results showed 60 percent had terminated or were considering terminating their accounts.
"Great companies know that customer acquisition and retention are the life-blood of long-term corporate success," said Andrew Krcik, vice president of marketing for PGP.
"A brand reputation built with hundreds of millions of dollars over decades can be destroyed by careless handling of private customer information," he said. "When the lifetime value of customers is so high and new customer acquisition so difficult, why destroy customer confidence when practical safeguards are available to prevent such an event?" Reports are available from PGP Corporation at www.pgp.com/ponemon.