An annual benchmark survey of data breaches across multiple industries, now in its sixth year, finds for the first time that malicious or criminal attacks are the most expensive cause of breaches and no longer are the least common type of breach.

Research firm Ponemon Institute conducted the "2010 U.S. Cost of a Data Breach" study, which examines the costs that 51 organizations in 15 industries incurred following a large breach. The size of studied breaches ranged from 4,200 records to 105,000. Security firm Symantec Corp. sponsored the study.

Researchers found that nearly a third of studied breaches resulted from malicious or criminal attacks, up 7 percent in one year after doubling in 2009. The average cost of a compromised record from such an attack was $318, up 48 percent in a year. Other findings include:

* The average turnover of customers after data breaches across all studied organizations was 4 percent, but the health care and pharmaceutical sectors were highest at 7 and 8 percent, respectively. Customer turnover--which equates to lost business--remains the dominant factor in data breach costs. "Regulatory compliance contributes to lower churn rates by boosting customer confidence in organizations' IT security practices," according to the study.

* The average cost per breached record across the 15 industries in 2010 was $214; health care was the fourth highest at $301.

* Organizations increasingly are favoring a rapid response to breaches even if the cost of remediation is significantly higher. Forty-three percent notified victims within a month of discovering a breach, up 7 percent in one year. These quick movers paid an average of $268 per record while slower responders paid an average of $174. "The notable increase in companies responding quickly to breaches, despite the additional cost, may reflect pressure companies feel to comply with commercial regulations and state and federal data protection laws," report authors note.

The study is available here.

--Joseph Goedert

