The study, which polled 31 organisations that had suffered a recent data breach, reveals they lost $182 per customer record, up from around $140 in 2005, Andrew Krcik, vice president of marketing at PGP, told SC Magazine.com today at the show.
PGP and Vontu sponsored the study.
The average total loss per organisation was about USD$4.8 million per breach and ranged between USD$226,000 and USD$22 million, the study revealed. The brunt of the losses was attributable to lost customers, Krcik said. Roughly two percent of customers abandoned the companies following the breaches, he said.
Among the other significant drivers for the cost-per-breach increase were telephone calls made by the organisation to notify victims about the breach, Krcik said. This resulted in both direct cost and lost employee productivity. Many organisations have begun taking this approach, subscribing to the belief that "the personal touch" of a phone call "makes people less upset," he said.
Meanwhile, the study found an alarming trend that could speak to why breaches continue to plague organisations. It revealed that the affected respondents' IT security departments bore none of the data breach costs, compared to marketing (55 percent), customer support (34 percent) and legal, audit and risk management (11 percent).
"It tells you why companies have been slow to put in their preventative measures," Krcik said. "The blow doesn't fall on their heads."
But organisations must realise: "You can buy a lot of prevention for this kind of money (USD$4.8 million average total loss)," he said.
From InfoSecurity NY: Cost of data breaches up nearly a third in past year, study says
By Dan Kaplan on Oct 25, 2006 3:38PM