Study: Cost of data breach in U.S. is highest worldwide
A global study of data breach costs conducted by the Ponemon Institute finds notification laws have dramatic impact on the price tag
By Joan Goodchild, Senior Editor
April 28, 2010 — CSO —
U.S. corporations that are unfortunate enough to experience a data breach face much higher costs than organizations in other parts of the world. That's according to research released today by the Ponemon Institute and sponsored by security firm PGP Corporation. The study is the first time the Institute, which conducts an annual study looking at breach costs, has undertaken a worldwide investigation.
A similar study released earlier this year by the Ponemon Institute looked at breach costs in the U.S.
The research calculated the average cost of a data breach globally at $3.43 million last year, the equivalent of $142 per compromised customer record. However, costs varied dramatically between regions, from $208 per lost record in the U.S., down to $98 per record in the UK. A total of 133 organizations, located in five countries - Australia, France, Germany, UK and U.S. - participated in the research, which was conducted in 2009, according to a release from the Ponemon Institute and PGP.
The report reveals that costs incurred in countries with data breach notification laws were significantly higher than in countries where no such legislation exists. For example, in the U.S., where 46 states have now introduced laws forcing organizations to publicly disclose the details of breach incidents, the cost per lost record was 43 percent higher than the global average. In Germany, where equivalent laws were passed in July 2009, costs were second highest, at 25 percent above the worldwide average. In Australia, France and the UK, where data breach notification laws have not yet been introduced, costs were all below the average.
"The over-arching conclusion from this study is the staggering impact that regulation has on escalating the cost of a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "The U.S. figures are testament to this and it's clear that, as and when breach notification laws are introduced across the rest of the world, other countries will follow the same pattern and costs will rise."
The report also looked at business lost as a result of a breach. Almost half (44 percent) of the incurred data loss expenses related to the cost of lost business, reflecting the added expense of consumer churn and the increased difficulty of attracting new customers in the wake of negative publicity. Again, costs varied dramatically between countries and were highest in the U.S., where the cost of lost business was on average equivalent to 66 percent of overall expenses, said the Ponemon Institute.