For the first time in seven years, the 2011 Cost of Data Breach Study has found that the cost of lost and stolen data in 2011 actually declined. The study is sponsored by Symantec and is conducted by the Ponemon Institute.
Larry Ponemon, chairman and founder of the Ponemon Institute, explained to InternetNews.com that the study includes a number of different costs associated with data breaches. One of those costs is the organizational costs, which is the average cost that an organization spends in dealing with and remediating from a data breach incident.
“That number last year was $7.2 million and this year is approximately $5.4 million, so that’s a 24 percent decrease,” Ponemon said.
The other data breach cost that Ponemon calculates is the Per Compromised Record cost. In the 2010 study that cost was $214 per record and for the 2011 study that number has fallen to $194 per record.
The study uses an activity based costing framework, with the largest chunk of total cost coming from a category called, lost business cost. That category includes items such as abnormal customer turnover, increased customer acquisition costs, reputation loses and diminished goodwill. For 2011, the lost business cost was down by 34 percent over 2010.
“Fewer customers abandon companies after a data breach and we think that explains to a large extent why the total cost of a data breach went down so substantially,” Ponemon said.
From a root cause analysis perspective, negligence represented 39 percent of all data breaches. Though negligence is the most common root cause for a data breach, malicious attacks are more costly. The average cost for a malicious attack is $222 per record, which is higher then the overall average which came in at $194 dollars.
“What this means is that a company that experiences malicious attacks is more likely to incur a higher cost than if it was negligence,” Ponemon said.