This 2010 Ponemon Institute benchmark study, sponsored by Symantec Corporation, examines the costs incurred by 38 organisations after experiencing a data breach. Results were not hypothetical responses; they represent cost estimates for activities resulting from actual data loss incidents. This is the fourth annual study of this issue.
Breaches included in the study ranged from 6,900 records to 72,000 records from 13 different industry sectors.
And because some of us having been looking more closely at the issue of whether churn rates and “harm” are being objectively measured and reported, here’s what the study says on churn:
Customer turnover in direct response to breaches remains the main driver of data breach costs: Abnormal churn or turnover of customers after data breaches appears to remain the dominant data breach cost factor. Regulatory compliance helps lower churn rates by boosting customer confidence in companies’ IT security practices.
Average abnormal churn rates across all 38 incidents dropped a point to 3 percent. The sectors with the highest 2010 churn rate were communications, financial and services, all at 7 percent. The industries with the lowest abnormal churn rates were transportation (2 percent), consumer and retail (each at 1 percent) and public sector (less than 1 percent).
Once again, though, churn rate is merely the estimate of the interviewee and does represent verified data.
You can download the full report from Symantec’s site.