I've Been Mugged Blog

Last week, PGP Corporation and the Ponemon Institute announced the results of the fifth annual U.S. Cost of a Data Breach Study. Results from the U.S. study:

• The average cost per customer record increased to $204 in 2009 from $202 in 2008
• The average total cost per corporate data breach increased to $6.75 million in 2009 from $6.65 million in 2008
• The single highest breach cost was $31 million. The lowest single breach cost was $750,000
• Breaches caused by insiders (e.g., employees, contractors) decreased in number
• The percentage of companies that encrypt customer records increased to 58% from 44% in last year's survey
• Breaches by third parties (e.g., subcontracters, affiliates) dropped slightly to 42% of all breaches in 2009 from 44% in 2008

The total cost of a corporate data breach includes several items: expenses for investigation of the breach incident, detection and resolution expenses for ongoing breaches, legal and administrative expenses, customer defections, company reputation management, notification expenses to government agencies and breach victims, technical consultants' fees, and customer support costs including hot-lines and credit  monitoring subscriptions for breach victims.

The study included an analysis of 45 data breach incidents, wit the size of the breach ranged from 5,000 to 101,000 customer records exposed. The study analyzed companies from 15 industries: financial services, retail, health care, services, education, technology, manufacturing, transportation, consumer, hotels and leisure, entertainment, marketing, pharmaceutical, communications, research, energy and defense.