RealTime IT News

Study: Negligence Causes Most Data Breaches - Page 2


Newbies suffer more

Data breach costs are higher for companies hit for the first time than for those that have been hit before, the study found. The per-victim cost of a first-time data breach is $243, compared with $192 for old hands. "First timers are not prepared to deal with a breach," Ponemon said. "Companies that had two or more breaches were better able to deal with them and were able to mitigate or reduce the cost. Pain is a pretty good teacher."

The cost of lost business accounts for 69 percent of the cost of a data breach, the study found. It averages $4.59 million, or $139 per record compromised. This is partly due to increased customer churn, as customers take their business elsewhere. Between 2005 and 2008, the cost of customer churn grew 38 percent, or more than $64 on a per-victim basis, the study found.

Not only do angry customers vote with their feet, but they also blab, and that increases the cost of lost business. "People are willing to talk about a problem when they feel they've been marginalized or ignored, and that increases the amount of lost business and the cost of customer acquisition," Ponemon said.

Healthcare and financial companies suffered the highest customer loss, experiencing churn rates of 6.5 percent and 5.5 percent, respectively.

Experts advocate taking a risk management approach to breaches. However, most risk management specialists fail to take into account the intangible factors around breaches, such as staff training, and the cost of lost business and new customer acquisitions, PGP's Dunkelberger said.

"You're better off with an ounce of prevention, by implementing training and having encryption, but most risk managers don't take these into account."

Insider negligence can be reduced through a strong security policy, processes and training, Gretchen Hellman, vice president of security solutions at security vendor Vormetric, told InternetNews.com.

"You need more security awareness training, a strong security policy, and processes to make sure everyone has done what they should," she said.

"Prevent where you can, monitor where you can't, and start off with policy and procedures and checks and balances."