Businesses Pay Higher Data-Breach Costs

The Ponemon Institute recently released their 2008 study on the total costs a business pays for a data breach. After interviewing 43 companies the 2008 cost rose 2.5% to $6.6 million per breach or $202 per record compromised over 2007 costs.

Due to state regulations, businesses must notify customers, employees and vendors that their confidential personal data has been lost, stolen or compromised. The costs reported by the Ponemon Institute are incurred no matter if the records were actually used in committing identity fraud.

 Other key revelations disclosed in the study showed that:

• 84% of the companies were repeat victims.
• New victims pay more for a breach than repeat companies.
• The cost of acquiring new customers is about 20% higher than the cost of maintaining a customer. Customers notified of a data breach are more likely to discontinue doing business with you.
• News headlines will discourage new customers from doing business with you.
• Healthcare and financial services have the highest rate of customer turnover after a breach.
• 88% of all breaches could be tied to employee negligence.

 The most-cited steps that companies took following a breach included:

• Employee training and awareness programs;
• Updated policies and procedures documents;
• Data encryption programs;
• Data access identity management; and
• Data destruction products.

 As a business owner you have the choice of either putting your customers at risk and potentially paying out $6.6 million, or being proactive at a fraction of the cost to keep and grow your customers?

 As a business owner, what are your concerns about implementing security?