Don’t Be Too Hasty Following Data Breaches Warns Analyst

Data breaches are not getting any cheaper to deal with, and companies that jump the gun on notifications can end up paying the most.

In its fifth annual study on data breaches, the Ponemon Institute discovered that about 36 percent of participants notified their breach victims within one month, but ended up paying $219 (£135) per compromised record as opposed to the $196 paid by others. According to the study, a reason for this may be that companies moved too quickly through the process of detection, notification and related activities, and made costly mistakes along the way.

“Panicking and making decisions before all the facts are accurately determined may result in extending credit services to individuals who may not have been affected in any way that would put their credit at risk, for example,” noted Mike Spinney, senior privacy analyst with Ponemon. “Initial assessments may have indicated 100,000 folks, but in reality only 50,000 were on the missing disk … that kind of thing can result in wasted money and effort in making notice.”

Overall, the report found the average cost of a breach in 2009 rose to $204 per compromised record, up from $202 in 2008. The PGP-commissioned study also found that the average organisational cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009.

According to the report, the biggest driver of data breach costs is the loss of existing and future customers, which is referred to as the “abnormal churn rate.” The industries with the highest churn rates—all standing at 6 percent—were pharmaceuticals, communications and health care. The financial services industry had a churn rate of 5 percent. Overall, the average abnormal churn rate across all industries stood at 3.7 percent in 2009, 0.1 percent higher than in 2008.

“Customers are increasingly aware of and expecting a secure level of protection and privacy for the data they entrust to businesses,” PGP CEO Phillip Dunkelberger said in a statement. “Our study with the Ponemon Institute continues to demonstrate that companies whose data is not protected are not only facing expensive direct costs from cleaning up a data breach, but also a loss in customer confidence that has long-lasting ramifications.”

While breaches caused by negligent insiders decreased, the portion caused by malicious criminal attacks and botnets rose to 24 percent in this year’s study—double the percentage from 2008. The cost of falling victim to such an attack, $215 per record, is roughly 40 percent higher than the cost of a breach involving a negligent insider, the study found.

Meanwhile, businesses seem to be investing more heavily in technology to deal with the problem. Use of encryption (58 percent), identity and access management (49 percent), and data loss prevention products (42 percent) all increased among study participants.

“Any effective data security strategy requires a balance of technology, awareness and education as it relates to a company’s policies and procedures,” Spinney told eWEEK. “I believe the increase in breaches due to malicious attacks reveals an improvement in an organisation’s ability to detect such attacks, but it does not necessarily suggest that individuals are more vigilant. Awareness is an ongoing effort and one of the least costly components of an effective data security strategy.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

23 hours ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

1 day ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

1 day ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

2 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

2 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

2 days ago