Data Breaches Cost More if Enterprises Move Too Fast | eWeek

Data Breaches Cost More if Enterprises Move Too Fast

Écrit par
Brian Prince
Brian Prince
Jan 25, 2010
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Data breaches are not getting any cheaper to deal with, and companies that jump the gun on notifications can end up paying the most.

In its fifth annual study on data breaches, the Ponemon Institute discovered that about 36 percent of participants notified their breach victims within one month, but ended up paying $219 per compromised record as opposed to the $196 paid by others. According to the study, a reason for this may be that companies moved too quickly through the process of detection, notification and related activities, and made costly mistakes along the way.

“Panicking and making decisions before all the facts are accurately determined may result in extending credit services to individuals who may not have been affected in any way that would put their credit at risk, for example,” noted Mike Spinney, senior privacy analyst with Ponemon. “Initial assessments may have indicated 100,000 folks, but in reality only 50,000 were on the missing disk … that kind of thing can result in wasted money and effort in making notice.”

Overall, the report found the average cost of a breach in 2009 rose to $204 per compromised record, up from $202 in 2008. The PGP-commissioned study also found that the average organizational cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009.

According to the report, the biggest driver of data breach costs is the loss of existing and future customers, which is referred to as the “abnormal churn rate.” The industries with the highest churn ratesall standing at 6 percentwere pharmaceuticals, communications and health care. The financial services industry had a churn rate of 5 percent. Overall, the average abnormal churn rate across all industries stood at 3.7 percent in 2009, 0.1 percent higher than in 2008.

“Customers are increasingly aware of and expecting a secure level of protection and privacy for the data they entrust to businesses,” PGP CEO Phillip Dunkelberger said in a statement. “Our study with the Ponemon Institute continues to demonstrate that companies whose data is not protected are not only facing expensive direct costs from cleaning up a data breach, but also a loss in customer confidence that has long-lasting ramifications.”

While breaches caused by negligent insiders decreased, the portion caused by malicious criminal attacks and botnets rose to 24 percent in this year’s studydouble the percentage from 2008. The cost of falling victim to such an attack, $215 per record, is roughly 40 percent higher than the cost of a breach involving a negligent insider, the study found.

Meanwhile, businesses seem to be investing more heavily in technology to deal with the problem. Use of encryption (58 percent), identity and access management (49 percent), and data loss prevention products (42 percent) all increased among study participants.

“Any effective data security strategy requires a balance of technology, awareness and education as it relates to a company’s policies and procedures,” Spinney told eWEEK. “I believe the increase in breaches due to malicious attacks reveals an improvement in an organization’s ability to detect such attacks, but it does not necessarily suggest that individuals are more vigilant. Awareness is an ongoing effort and one of the least costly components of an effective data security strategy.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.