A study conducted by the Ponemon Institute on behalf of Symantec (a security software company), shows that the average organizational cost of a data breach increased to $7.2 million and cost US companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009.
The study is based on the actual data breach experiences of 51 US companies from 15 different industry sectors. For the fifth year in a row, data breach costs have continued to rise (except, notably, in the Education sector, where costs fell from $203 per record in 2009 to $112 in 2010.)
The costs are applicable to organizations that experience large data breaches (between 1000 and 100,000 compromised records). Included in the business costs are expense outlays for detection, escalation, notification, and after-the-fact response.
The study also analyzes the impact of lost or diminished customer trust and confidence as measured by customer turnover rates. As could be expected, companies who have larger numbers of records breached, pay more per record because of the higher than normal turnover of customers.
Causes of data breaches: malicious or criminal attacks led to 31% of breaches, systems failures were around 27% and negligence around 41%.