PGP INSIGHT

PGP Newsletter: Encryption Matters 2.0
Volume 1, Issue 3, March 2009
The Truth about Data Breaches
Most Result from Negligence, And Costs Continue to Rise
By Dr. Larry Ponemon, The Ponemon Institute
The Ponemon Institute’s fourth annual “U.S. Cost of a Data Breach Study” finds that the cost of a breach continues to rise—averaging $202 per record lost, an increase of 11 percent in two years.
One of the most frightening statistics that emerged from our study, whose participants were 43 companies from 17 industry sectors, is that 88 percent of the breaches involved incidents resulting from negligence, which in my view is entirely preventable.
The Biggest Consequence: Lost Business
The largest cost component of a data breach is lost business: both current customers who have lost confidence and potential new customers who decide to shop elsewhere. Our study showed that the cost of lost business averaged $4.59 million per incident, or $132 per record. Lost business now accounts for 69 percent of the total average cost.
Regulations in 44 states, the District of Columbia, Puerto Rico, and the Virgin Islands require organizations to notify the individuals affected whenever confidential or personal data is lost.
Aside from the proven threat of identity theft, the embarrassment of breaking customer trust costs dearly. Customers are increasingly aware of, and concerned about, data breaches and their consequences. Organizations striving to protect and expand their business—especially during these challenging economic times—would do well to implement a prominent data protection strategy that includes encryption.
More Findings: Costs, Industries, Prevention
Some other highlights of the 2008 study:
- Total average cost per incident rose to $6.6 million, up from $6.3 million in 2007 and $4.7 million in 2006.
- Cost per record breached averaged $202, up from $197 in 2007 and $182 in 2006.
- Cost of lost business is the most costly consequence, averaging $4.59 million per incident, or $132 per record. Lost business now accounts for 69 percent of the total average cost.
- Third-party breaches increased and cost more. Outsourcers, contractors, consultants, and business partners were responsible for breaches in 44 percent of respondent incidents in 2008, up from 40 percent in 2007, 29 percent in 2006, and 21 percent in 2005.
- A first breach costs more: $243 per victim, compared to $192 per victim at companies that have suffered previous breaches. More than 84 percent of all cases in the study involved organizations that had experienced more than one major data breach.
- Training and awareness programs lead efforts to prevent future breaches, according to 53 percent of respondents, while 44 percent of respondents have expanded their use of encryption technologies to prevent future breaches.
- Industries with the highest rate of customer loss (churn) were healthcare (6.5 percent) and financial services (5.5 percent). The average churn rate overall was 3.6 percent, up from 2.67 percent in 2007 and 2.01 percent in 2006.
- The average per-record cost of a healthcare breach ($282) is more than twice that of an average retail breach ($131).
- To prevent future breaches, 44 percent of respondents have expanded their use of encryption technologies and 53 percent of respondents use training and awareness programs.
Be Proactive with Protection
Given both the rise in third-party breach incidents and the cost disparity between in-house and third-party breaches, organizations should closely evaluate the enterprise data protection policies and systems used with and by third-party outsourcers and consultants. Small and medium-sized businesses in particular should evaluate the security risks of emerging cloud-computing and Software-as-a-Service (SaaS) infrastructures, where data custody (and protection) is unclear.
Let’s face it: breaches are going to happen. Laptops are stolen, USB sticks can be lost, sniffers capture email messages, and insiders penetrate file servers. The most effective way to stop data loss from becoming a breach is to encrypt the data itself. Without a key, encrypted data is unreadable. Your organization’s data—and customer trust—remain safe.
Do a cost analysis, and you’ll find that implementing proactive data protection—before data is stolen—costs much less than cleaning up the mess afterward. PGP Corporation offers platform-based data encryption solutions that form the foundation of a strategic approach to enterprise data protection.
Learn More about PGP® Solutions for Data Protection
Download the 2008 Annual Study: Cost of a Data Breach (available as German, U.S., and U.K. reports)