Monday, March 14, 2011

2010 Annual Study: U.S. Cost of a Data Breach

Data breach costs rise with criminal attacks

Criminals are driving up the cost of data breaches for U.S. business, according to researchers at the Ponemon Institute and Symantec.

The U.S. Cost of Data Breach survey, released today by the Ponemon Institute and sponsored by Symantec, showed the cost of a data breach rose for the fifth straight year to an average $7.2 million per incident, up 7 percent from 2009. That’s $214 for every compromised customer record.

The most expensive breach reported in 2010 was $35.3 million, and the least expensive was $780,000, both up from the previous year. A key factor in the rising cost is that criminals account for a larger share of data breaches, and those breaches are significantly more expensive to contain and fix.

Deliberate, criminal attacks rose nearly 30 percent last year, now accounting for 31 percent of all attacks (negligence, like lost hard drives or documents, still accounts for 41 percent of breaches), and the cost of malicious attacks is rising even faster, jumping 48 percent, to an average of $318 per compromised record, wrote Dr. Larry Ponemon, founder and chairman of the institute, on his blog.

Malicious attacks create more costs because they are harder to detect, the
investigation is more involved and they are more difficult to contain and
remediate. Another reason malicious attacks are so expensive is the criminal is
out to monetize their work; they’re trying to profit off the breach.

Other factors behind rising costs:

Better awareness: Breaches are less likely to go undetected and/or unreported. This is motivated by the threat of potential legislation and legislation. So far, 46 U.S. states have passed such measures, with varying definitions of a breach, deadlines for notifying customers and punishments for failing to comply.

Faster (costlier) response: More companies favor a rapid response. This year, 43 percent of companies notified customers within 30 days.

From Dr. Ponemon’s blog:

“For the second year, we’ve seen companies that quickly respond to data breaches pay more than companies that take longer. This year, they paid 54 percent more.”

For more details please refer here.
