The cost of a data breach keeps creeping upward. A
The number of breached records per incident this year ranged from 2,300 records to more than 99,000 records, Ponemon states. This year, the average per incident settled somewhere around 23,647. Therefore, it can be surmised that the average cost of a security incident for a U.S. company was more than $4.4 million. Compare this with the cost of investing in security software and training.
Ponemon bases its estimates on a range of factors, including direct, indirect and opportunity costs stemming from activities required to detect a breach, activities necessary to report the breach of protected information to appropriate personnel within a specified time period, and activities that enable the company to notify data subjects with a letter, outbound telephone call, e-mail or general notice that personal information was lost or stolen.
The report also takes note that “lost business costs were stable (such costs include customer churn, customer acquisition activities, and brand reputation loss). In many organizations — especially in heavily regulated industries such as healthcare and financial services — lost business costs represented the largest financial consequence of a data breach.”
A total of 277 organizations were studied for the report.
The Ponemon-Symantec report makes the following recommendations for getting a better grip on potential security costs:
•
•
•
•
Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.
Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
The opinions of bloggers on