New Ponemon study reveals true cost of data breach in the UK

Lost business amounts to 36% of costs; encryption and data loss prevention listed as solutions
By Exclusive Networks Africa
Johannesburg, 11 Mar 2008

Privacy and information management research firm Ponemon Institute, PGP Corporation, a global leader in enterprise data protection, and Networks Unlimited today announced the results of the first study on the costs incurred by UK businesses after experiencing a data breach.

Research by the Ponemon Institute found that the average total cost per incident was more than £1.4 million (approximately R22.4 million). The "2007 Annual Study: UK Cost of a Data Breach" also reveals that the financial impact of lost business due to reduced consumer trust was the most significant component of data breach costs.

The report released today focuses on the cost of activities resulting from actual data loss incidents as well as identifying the most frequent causes and likely technology responses to a data breach. Breaches included in the survey ranged from 2 500 to more than 125 000 records from 21 UK businesses spanning eight different industry sectors. Among the key findings:

* The average total cost of a data breach ranged from £84 000 to almost £3.8 million, with an average of £47 per record compromised;
* 36% of reported costs were due to lost business, with an abnormal customer churn rate (higher than average) of 2.5% after a breach;
* The cost of a data breach for financial services organisations was more than 17% higher than average, at £55 per record compromised;
* 38% of respondents reported breaches by third-party organisations, such as outsourcers, consultants and business partners, at a significantly higher cost per record compromised; and
* 36% of data breaches resulted from lost and stolen laptops or other mobile devices.

Survey respondents identified encryption and data loss prevention solutions as the top two technology responses following a data breach, indicating that UK organisations increasingly understand the benefits of deploying enterprise data protection to defend data against future breaches.

"This study establishes a first-of-its-kind benchmark for organisations in the UK to calculate the risk and potential monetary consequences of a data breach," said Larry Ponemon, Chairman and founder of The Ponemon Institute. "Businesses and government in the UK are just now coming to realise the impact a data breach can have on an organisation and its customers, similar to developments in the United States five years ago when data breaches first became headline news."

The Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organisations in a variety of industries.

PGP Corporation

PGP Corporation is a global leader in e-mail and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP platform-enabled applications allow organisations to meet current needs and expand as security requirements evolve for e-mail, laptops, desktops, instant messaging, PDAs, network storage, file transfers, automated processes, and backups.

For more information, contact Networks Unlimited or visit us at www.nu.co.za.

Editorial contacts

Scott Martin
Removed (Networks Unlimited)
(011) 467 6000
scott@nu.co.za