We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Security breaches cost businesses customers

Data loss more costly than first thought

Companies that have lost sensitive data are being shunned by consumers, according to a new study.

The Ponemon Institute, which studies privacy procedures in companies and government organisations, studied 43 US companies that lost sensitive data last year. The research revealed that on average, it cost the companies $202 (£141) for every data record lost in 2008. That's compared with $197 (£138) in 2007, $182 (£127) in 2006 and $138 (£96) in 2005, the first year the study was conducted.

Factored into those figures are how much companies spend on detecting data losses, costs incurred notifying victims and hiring forensic experts and paying for free credit checks for affected consumers, among others.

The most costly factor, however, was loss of business. Of the $202 (£141), $139 (£97) represented the cost of lost business, up 69 percent over 2007.

"The growth in lost business costs demonstrates consumers do not take a breach of their trust and privacy lightly and have not become desensitised to the issue," the study said.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Health-care and financial-services companies that lost data suffered the worst backlash from consumers. The churn rate - or the rate at which people change their provider - was 6.5 percent for health care and 5.5 percent for financial services, the study found. Health-care organisations also face a higher-than-average cost per record lost, at $282 (£197).

Last month, the Identity Theft Resource Center (ITRC) found that more than 35 million data records were breached in 2008 in the US, a record number. The majority of the lost data was neither encrypted nor protected by a password.

ITRC counted 656 breaches in 2008, that's 47 percent more incidents than the 446 breaches in 2007.

Information about the breaches was collected by tracking media reports and the disclosures companies are required to make by law. But the ITRC said it is likely many more than 35 million records were lost since some companies do not reveal how many records were compromised.

See also: NHS Mytob attack was entirely avoidable

IDG UK Sites

What to watch on Netflix: The 95 best movies on Netflix UK 2015

IDG UK Sites

Race to claim thinnest smartphone is pointless: Let's focus on the important things

IDG UK Sites

Free indie comics: Nobrow launches a digital comics iPad app

IDG UK Sites

Apple Q1 2015 financial results: Analysts predict Apple's holiday quarter sales ahead of Tuesday's...