We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Security breaches cost businesses customers

Data loss more costly than first thought

Companies that have lost sensitive data are being shunned by consumers, according to a new study.

The Ponemon Institute, which studies privacy procedures in companies and government organisations, studied 43 US companies that lost sensitive data last year. The research revealed that on average, it cost the companies $202 (£141) for every data record lost in 2008. That's compared with $197 (£138) in 2007, $182 (£127) in 2006 and $138 (£96) in 2005, the first year the study was conducted.

Factored into those figures are how much companies spend on detecting data losses, costs incurred notifying victims and hiring forensic experts and paying for free credit checks for affected consumers, among others.

The most costly factor, however, was loss of business. Of the $202 (£141), $139 (£97) represented the cost of lost business, up 69 percent over 2007.

"The growth in lost business costs demonstrates consumers do not take a breach of their trust and privacy lightly and have not become desensitised to the issue," the study said.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Health-care and financial-services companies that lost data suffered the worst backlash from consumers. The churn rate - or the rate at which people change their provider - was 6.5 percent for health care and 5.5 percent for financial services, the study found. Health-care organisations also face a higher-than-average cost per record lost, at $282 (£197).

Last month, the Identity Theft Resource Center (ITRC) found that more than 35 million data records were breached in 2008 in the US, a record number. The majority of the lost data was neither encrypted nor protected by a password.

ITRC counted 656 breaches in 2008, that's 47 percent more incidents than the 446 breaches in 2007.

Information about the breaches was collected by tracking media reports and the disclosures companies are required to make by law. But the ITRC said it is likely many more than 35 million records were lost since some companies do not reveal how many records were compromised.

See also: NHS Mytob attack was entirely avoidable

IDG UK Sites

LG G4 launch live blog: What to expect from the LG G4 launch

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

Doctor Who scoops VFX gong at BAFTA TV Craft Awards

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......