Symantec and the Ponemon Institute today revealed that the cost of a data breach has risen for the third consecutive year. The 2010 Annual Study: UK Cost of A Data Breach report found that the average data breach incident cost UK organisations £1.9 million or £71 per record, an increase of 13 percent on 2009, and 18 percent on 2008. The incident size ranged from 6,900 to 72,000 records, with the cost of each breach varying from £36,000 to £6.2 million. The most expensive incident increased by £2.3 million compared to 2009.
Key findings from the study include:
- System failure overtook the insider as the most common threat. In this year’s study, 37 percent of all cases involved a system failure, up 7 percent on 2009 and the biggest rise of any data breach attribute. It replaced negligence, which at 34 percent dropped 11 points. Lost or stolen devices and third-party mistakes each fell slightly. Malicious or criminal attacks rose 5 points to 29 percent.
- Recognition of the risk of insecure mobile devices connecting to company networks jumps to 64 percent. The likelihood of insecure mobile devices, including smartphones and tablet computers, accessing company data is 84 percent – an increase of 9 percent on 2009. Organisations are recognising this risk, with 64 percent stating mobile device encryption was very important or important, an increase of 13 points from 2009.
- Lost business ranked as the biggest contributor to overall data breach costs. Recovering customers, profits and business opportunities after data breaches posed the greatest cost hurdles for companies in 2010. Lost business accounted for 48 percent of the total, an increase of 2 percent from 2009. Other contributing factors were costs sustained in the immediate aftermath of the event, such as resetting accounts and communicating with customers (known as ex-post response) at 23 percent and costs related to detection / escalation at 20 percent.
- Encryption and other technologies are gaining ground as post-breach remedies, with strengthening perimeter controls coming in third place. 75 percent of respondents use endpoint security solutions after data breaches; this is up significantly from 59 percent in 2009. Encryption is the second most implemented preventive measure as a result of a data breach, with 70 percent. Strengthening perimeter controls came in at 69 percent.
- Breaches involving third-party mistakes became a lower concern. Data breaches from third-party mistakes decreased marginally in 2010 to 34 percent, down 2 points. The cost of such breaches fell as well, down £7 (9 percent) to £74 per record. The drop may indicate that whilst the security of outsourced data remains important, those breaches became a lower priority in 2010.
- Responding rapidly to data breaches costs companies slightly more than if they take one month or longer. Quick responders (companies that notify victims within one month) had a per record cost of £72. The equivalent cost for companies that take longer than a month was £1 less per record (£71). This is a reversal from last year, when faster companies benefitted from 19 percent lower costs by reporting earlier. Regulatory compliance pressures may explain these factors, as the Information Commissioner’s Office (ICO) received new enforcement powers in 2010, encouraging a more serious approach to compliance in order to avoid heavy fines.
The 2010 Annual Study: UK Cost of A Data Breach report