Security breaches happen when identity thieves break into a company’s database and steal customer information, like credit card numbers, Social Security numbers, and other sensitive data. When this happens, the company must spend an enormous amount of money investigating the breach, boosting its security levels, covering legal expenses, and notifying customers.
Each year, the Ponemon Institute conducts a study to quantify these costs. Their latest findings show that it costs a company more than ever to repair a security breach: around $6.6 million.
Ponemon surveyed 43 anonymous companies from 16 different industries (including communications, education, and healthcare) that suffered security breaches in 2008. The study found that the cost associated with a data breach has gone up from previous years. In 2006, a breach cost about $4.7 million to correct, then $6.3 million in 2007, and most recently $6.6 million in 2008.
Lost business costs are especially high in the healthcare and financial services industries. Approximately 6% of customers in those industries are more likely to stop doing business with the affected institution after a security breach.
In addition, there has been a rise in cost per compromised record. It cost $202 per record in 2008, which is a $64 (or 40%) increase from 2005.
Of the companies surveyed, 84% had multiple breaches in 2008. Interestingly, the cost per breach is lower for companies that have experienced a previous breach. Those companies handle the security loss more efficiently, thus reducing their costs to $192 per victim record. The study also found that more than 88% of all cases in this year’s study involved insider negligence.