The cost of a data breach went up to $7.2 million last year up from $6.8 million in 2009 with the average cost per compromised record in 2010 reaching $214, up 5% from 2009.
The Ponemon Institute’s annual study of data loss costs this year looked at 51 organizations who agreed to discuss the impact of losing anywhere between 4,000 to 105,000 customer records. The private-sector firms participating in the Ponemon Institute’s “2010 Annual Study: U.S. Cost of a Data Breach” hail from across various industries, including financial services, retail, pharmaceutical technology and transportation.
Read more on NetworkWorld. Of note, those who respond quicker to getting notifications out to consumers, seem to be paying more:
About 41% of the respondents in the study said their organization had notified victims within one month of discovering the data breach, up from 36% in 2009. But these so-called quick responders paid $268 per record, up 22% from 2009 — and substantially more than companies that took longer, which paid $174 per record, down 9% from 2009.
Okay, that’s not good. We don’t want entities having to pay more promptly disclosing. What is increasing the cost of the breach clean-up to entities who respond quickly? According to Ponemon’s press release:
Costs pile up in a rush to make a one-month or less reporting time deadline and don’t necessarily mean companies are doing a better job in the forensics of understanding exactly what happened to them in the data breach, says Ponemon. Instead, it seems to lead to an “over-reporting phenomenon” where more records than were actually in the data breach are reported and publicly disclosed. This may be happening because companies are afraid they will have problems with state or federal regulators or class-action lawsuits if they delay past the one-month timeline, he said.
These data will undoubtedly be used by some to argue for a “take a bit more time and get it right and save money” approach. There’s much to discuss here.