Cost of data breach cleanup soars

by Sarah Griffiths on 21 March 2011, 15:56

Tags: Symantec (NASDAQ:SYMC)

Quick Link: HEXUS.net/qa464

Add to My Vault: x

Bill bonanza

The cost of a data breach has risen for the third year on the trot, according to a new survey.

A study by Ponemon bankrolled by Symantec found that the average data breach incident cost UK organisations £1.9m or £71 per record, an increase of 13 percent on 2009, and 18 percent on 2008. 

The report is based on the data breach experiences of 38 UK companies from 13 different industries, including the financial sector, government and telecommunications. 

It also found that the incident size ranged from 6,900 to 72,000 records, with the cost of each breach varying from £36,000 to £6.2m. The most expensive incident increased by £2.3m compared to 2009.

Hostile attacks reign as the most expensive data breach for UK organizations, according to the report. The study said that malicious or criminal attacks accounted for 29 percent of all data breaches, increasing from 22 percent over 2009.  It costed an average of £80 per record to fix the problem in 2010, up by £4 on 2009.

The study also revealed that system failure overtook the insider as the most common. A total of 37 percent of all cases involved a system failure in 2010, up 7 percent on 2009, replacing negligence as the biggest threat, which at 34 percent dropped 11 points. Lost and stolen devices and third party mistakes also fell marginally, according to the report.

Perhaps predictably, lost businesses ranked as the biggest contributor to overall data breach costs, with recovering customers, profits and business opportunities pretty tough.

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said: "We continue to see an increase in the costs to businesses suffering a data breach. Regulators are cracking down to ensure organisations implement required data security controls or face harsher penalties.  Confronted with both malicious and non-malicious threats from inside and outside the organisation, companies must proactively implement policies and technologies to mitigate the risk of costly breaches."

Robert Mol, director of product marketing, Europe, Middle East and Africa, Symantec, said: "At a time when businesses in the UK remain economically cautious, protection of IP to remain competitive and avoidance of potentially large fines are key.  With the average cost of a data breach for UK organisations rising to £1.9 million, securing information clearly continues to challenge organisations at all levels, but the vast majority of these breaches are preventable."

Funnily enough the security firm suggested that organisations protect their data and create a culture of security with training, policies and actions in place.

 



HEXUS Forums :: 7 Comments

Login with Forum Account

Don't have an account? Register today!
They deserve all the get IMO, customers are entrusting them with private data so they should ensure it's properly secured. I mean it's not like it's hard.
watercooled
I mean it's not like it's hard.
Yes and no. Implementing the physical and logical side is not too hard, though it does make doing most other IT related tasks far more complex, however by far the biggest problem is the users when it comes to security. You can have complete buy in from the board all the way down. You can have regular training for your users. You can have regular penetration tests that even include social engineering and you will still get someone who decides to be completely void of brain cells for 2 minutes.
However, any company that chooses the head in the sand approach to security deserves all they get as you say.
Oh I completely agree, it just annoys me so much when you hear of companies or even the government losing data on CDs or flash drives without so much as thinking of encryption.
Good, frankly. There are plenty of products out there than can enforce the use of encrypted removable storage where such a thing is required and any company not making use of them when there's a chance that someone can be dumping any of my data to a USB stick is skimping on a cost that is an absolute requirement in my eyes when handling public data in such a manner.
Well, I just had an email from Play.com suggesting a third party company they use has just had a breach. Not gonna be happy if my info's been leaked.