The increasing costs of data breaches

The cost of responding to data breaches is on the rise, according to a recent study. The “2010 Annual Study: U.S. Cost of a Data Breach,” released in March by Symantec Corp. and privacy and information management research firm the Ponemon Institute, found that the cost to U.S. companies of data breach incidents in 2010 rose to $214 per compromised customer record compared with $204 per record in 2009. The study, which analyzed the data breach experiences of 51 U.S. companies from 15 different industry sectors, found no indication that the rising cost of responding to data breaches is slowing.

The report also found that:

• Companies that responded quickly in notifying breach victims had a higher per-record cost than those that moved more slowly. In 2010, companies that responded to a breach within a month after its occurrence had a per-record cost of $268, up 22 percent from 2009; companies that took longer paid $174 per record, down 11 percent.

• Malicious or criminal attacks are more expensive and are increasing.

• The number of breaches due to lack of compliance with a company’s security policies on the part of employees and/or company partners rose 41 percent from 2009 to 2010.

• The percentage of respondents using training and awareness programs after data breaches edged down slightly to 63 percent. Encryption, the second most implemented preventive measure, and data loss prevention (DLP) solutions have increased 17 percent since 2008.

• Read the main story, “Protecting government information,” to learn how cities and counties can minimize damages from security breaches with proper risk management.