The Ponemon Institute, a privacy and information management research firm, released its fifth annual U.S. Cost of a Data Breach Study (the “Study”). According to the Study, the cost of a data breach increased by two dollars from last year to $204 per compromised record. Although the number of reported data breaches decreased (from 657 in 2008 to 498 in 2009), the average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009.
Other key findings include:
- Companies are spending more money on legal defense related to data breaches, the cost of which rose by more than 50% from last year;
- Third-party service providers account for 42% of all data breaches;
- The leadership of a chief information security officer or equivalent position substantially reduces the total cost of data breaches;
- Stolen or lost laptops or other removable devices accounted for 33% of all data breach cases in 2009; and
- About 36% of the surveyed companies notified affected individuals within one month of discovering the data breach.
The Ponemon Institute derived its findings by examining the costs incurred by 45 organizations that have experienced data breaches. These cases ranged from 5,000 to 101,000 compromised records and involved companies from across all industries, including financial, retail, healthcare, education, technology, manufacturing and transportation. The most expensive data breach surveyed cost nearly $31 million to resolve, and the least expensive cost $750,000.