Study: Data losses proving more costly for businesses
Data breaches are costing companies more than ever as consumers shun those that have lost information, according to a new study.
Data breaches have proven to be a downside of the information age as personal and financial information face threats from hackers, careless employees and thieves.
The study is based on a survey of 43 U.S. companies that lost data in 2008, ranging from 4,200 records to 113,000 records across 17 industry sectors, according to the Ponemon Institute, which studies privacy practices at companies and government organizations.
It cost companies on average US$202 for every data record lost in 2008. That's compared with $197 in 2007, $182 in 2006 and $138 in 2005, the first year the study was conducted.
Factored into those figures are how much companies spend on detecting data losses, costs incurred notifying victims and hiring forensic experts and paying for free credit checks for affected consumers, among others.
The most costly factor, however, was loss of business. Of the $202, $139 represented the cost of lost business, up 69 percent over 2007.
"The growth in lost business costs demonstrates consumers do not take a breach of their trust and privacy lightly and have not become desensitized to the issue," the study said.
Health-care and financial-services companies that lost data suffered the worst backlash from consumers. The churn rate -- or the rate at which people change their provider -- was 6.5 percent for health care and 5.5 percent for financial services, the study found. Health-care organizations also face a higher-than-average cost per record lost, at $282.
So far about 44 U.S. states have data loss notification laws, but the laws can vary widely. For example, some companies do not have to tell customers if data is scrambled with 128-bit encryption or if the breach was stopped before information was wrongly acquired.
Last month, the Identity Theft Resource Center (ITRC) found that more than 35 million data records were breached in 2008 in the U.S., a record number. The majority of the lost data was neither encrypted nor protected by a password, the ITRC's report found.
ITRC counted 656 breaches in 2008 from a range of well-known U.S. companies and government entities. That was than 47 percent more incidents than the 446 breaches in 2007.
Information about the breaches was collected by tracking media reports and the disclosures companies are required to make by law. But the ITRC said it is likely many more than 35 million records were lost since some companies do not reveal how many records were compromised.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
data breach
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.














Perhaps some useful statsistics - together or by themselves
Perhaps some useful statsistics - together or by themselves - i.e the cost of a lost piece of data at $202 - that is only one piece of data or call it record. What would the cost be to i.e. a bank, to a retailer who's File Server is down for 4+ hours and over 50,000 customer records sit idle not generating revenue - if the cost per record is only 50 cents (that's out of comission), unable to use file server data just cost the company a starting $25,000 and growing when you add... however an inservice record generating revenue may be worth a $1.00 per record - then the file server down problem (users can't access the data) has become a $50,000 starting problem and growing...:)
Spread the gospel...
バッテリー
大阪でバッテリー販売。 セルモーターリビルト。 オルタネーターリビルト。リビルト在庫多数。大阪で電装品販売。リンク品在庫多数。大阪でウイング車モーター修理・販売・在庫多数。大阪でパワーゲート車モーター修理・販売・在庫多数。