Study: Data Breaches Becoming More ExpensiveStudy: Data Breaches Becoming More Expensive

The 2006 average was $182 per compromised record, including the cost of detection, escalation, notification, and follow-up help to victims. The Ponemon Institute's 2005 study cited a figure of $132 per record.

Thomas Claburn, Editor at Large, Enterprise Mobility

October 23, 2006

1 Min Read
information logo in a gray background | information

Data breaches are expensive, averaging $4.7 million per incident, and they're becoming even more costly.

These are some of the findings of the Ponemon Institute's "2006 Cost of Data Breach Study," released today.

Based on 31 real data losses, the study finds a vast disparity in the financial impact of breaches and the amount spent on remediation. Given an average cost of $4.7 million per breach--an average loss of 26,000 records at a cost of $182 per record--companies spent only $180,000 on preventing future data losses. Of the $4.7 million cost, about $2.5 million reflects the cost of lost business.

The cost of losing data rose from 2005 to 2006. The 2006 average was $182 per compromised record. The Ponemon Institute's 2005 study cited a figure of $132 per record. These figures include the cost of detection, escalation, notification, and follow-up help to victims.

The study concludes that the "most salient costs result from the diminishment of confidence and trust in the company, which translates into abnormal or unexpected customer turnover. Our work supports the notion, 'an ounce of prevention is worth a pound of cure.'"

The study was sponsored by PGP Corporation and Vontu Corporation, security technology companies that stand to benefit from the findings if businesses decide to invest in an ounce of prevention.

The Ponemon Institute characterizes itself as an organization "dedicated to advancing responsible information and privacy management practices in business and government." To help meet those goals, Ponemon says it conducts "independent research and education that advances responsible information and privacy management practices within business and government."

Read more about:

20062006

About the Author

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, information, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights