Data loss means lost customers: Study
Businesses that lose sensitive data in an accidental or malicious security breach stand to lose up to 6% of their customer base and as much as $6 milllion in incident bills, fresh evidence has suggested.
In its annual US data breach cost study, the Ponemon privacy and information management research institute reported that for 43 data breaches it studied it found the average per-incident cost ran to $6.65 million in 2008.
That figure is up by around 5% on its year-ago calculations.
Most of those costs can be attributed to consequential business loss, as angry or disaffected customers abandon companies who they believe have been careless with the personal, financial and confidential information they hold on them.
Dr Larry Ponemon, chairman and founder of the Ponemon Institute said, As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy.
The study tracks a wide range of cost factors, including the outlays for detection, escalation, notification and response along with legal, investigative and administrative expenses, and costs associated with customer support such as information hotlines and credit monitoring subscriptions.
But it is customer defections, opportunity loss and reputation damage that led to the largest losses.
Overall, the costs ran to $202 per compromised customer record in 2008, compared to $197 in 2007, according to Ponemon.
It is company employees and not cyber thieves that are the biggest culprit, with the data revealing that more than 88% of all cases in this year’s study can be attributed to some kind of insider negligence.
Bank breaches were found to be more costly than average, with as many as 5.5% of customers typically abandoning a financial services company that has experienced a breach, although it is organisations in the US healthcare industry that show the highest cost of lost business.
The review, which is funded by PGP Corp, found that breach incident costs ranged from more than $613,000 per breach to nearly $32 million.