Data breach costs rise with criminal attacks

Summary: Criminals are driving up the cost of data breaches for U.S. business, according to researchers at the Ponemon Institute and Symantec.

The U.S. Cost of Data Breach survey, released today by the Ponemon Institute and sponsored by Symantec, showed the cost of a data breach rose for the fifth straight year to an average $7.2 million per incident, up 7 percent from 2009. That's $214 for every compromised customer record breached.

The most expensive breach reported in 2010 was $35.3 million, and the least expensive was $780,000, both up from the previous year.

A key factor in the rising cost is the fact that criminals account for a larger share of the data breaches and they are significantly more expensive to contain and fix.

Deliberate, criminal attacks rose nearly 30 percent last year, now accounting for 31 percent of all attacks (negligence, like lost hard drives or documents, still accounts for 41 percent of breaches), and the cost of malicious attacks is rising even faster, jumping 48 percent to an average of $318 per compromised record, wrote Dr. Larry Ponemon, founder and chairman of the institute, on his blog.

Malicious attacks create more costs because they are harder to detect, the investigation is more involved and they are more difficult to contain and remediate. Another reason malicious attacks are so expensive is the criminal is out to monetize their work; they're trying to profit off the breach.

Other factors behind rising costs:

Better awareness: Breaches are less likely to go undetected and/or unreported. This is motivated by existing legislation and the threat of potential legislation. So far, 46 U.S. states have passed such measures, with varying definitions of a breach, deadlines for notifying customers and punishments for failing to comply.

Faster (costlier) response: More companies favor a rapid response. This year, 43 percent of companies notified customers within 30 days.

From Dr. Ponemon's blog:

"For the second year, we've seen companies that quickly respond to data breaches pay more than companies that take longer. This year, they paid 54 percent more."

From Bloomberg:

"One of the factors that's raising the costs is the detection, forensics and upfront work to get to the bottom of the issue," said [Ponemon]. "As more malicious attacks come online, organizations are paying more attention and are investing in their networks."

There are also dozens of indirect costs like loss of customers and better preparation required to meet potential threats -- detection and escalation costs went up by 72 percent, suggesting that companies are investing more resources in prevention and detection.

From InformationWeek:

Encryption has become more popular lately because data breach regulations often exempt companies from notification requirements if the lost data was encrypted.

This trend is partially reflected in the survey, which found: an increase in the number of organizations with an "above average IT security posture"; a decrease in breaches due to system failure, lost or stolen devices, and third-party mistakes; and more companies responding faster and putting [Chief Information Security officers] in charge of response management.

After five years of growth, the cost of data breaches is expected to retreat, according to Pokemon.

Most privacy advocates and people in the data protection community believe that data breach costs will start coming down eventually because consumers will become somewhat immune to data breach news. The idea is that data breach notifications will become so commonplace that customers just won't care anymore.

But, that hasn't happened yet...

Talkback

10 comments
  • RE: Data breach costs rise with criminal attacks

    Well, this Tuesday and part of the Wednesday, 8 and 9th March, one of the leading DNS management providers zoneedit was down, due to malicious activities, according to their support staff. That means thousands of sites and businesses were out of business for more than 24 hours.
    Orleen
  • How is this a rise?

    This is the first year of the study, a rise from what? It could be a decline for all you know. One data point is not enough to state anything. The survey was sponsored by PGP Corporation, not Symantec. The cost of media hype and hysteria was not included in the study, but after reading this article and given the contrary facts, it should have been.

    Guys, do your research before writing out sensationalist headlines. There is a real issue with security breaches and there isn't the need for sensationalism as it destroys credibility and believability.
    jbmetrics
    • RE: Data breach costs rise with criminal attacks

      @jbmetrics and I'd like to add misinformation spreading to that list.
      tom@...
  • RE: Data breach costs rise with criminal attacks

    I quote "After five years of growth, the cost of data breaches is expected to retreat, according to Pokemon."
    blindbarry
    • RE: Data breach costs rise with criminal attacks

      @blindbarry Yeah, a leading company called Mudkip Research supplied this whole study!
      snoop0x7b
      • RE: Data breach costs rise with criminal attacks

        @snoop0x7b LMFAO
        Jimster480
  • RE: Data breach costs rise with criminal attacks

    Two questions:
    1. In the line "After five years of growth, the cost of data breaches is expected to retreat, according to Pokemon", is this supposed to read Ponemon?
    2. A question from the quote "For the second year, we've seen companies that quickly respond to data breaches pay more than companies that take longer." Is it then better for firms to take their time and not respond quickly?
    giscoobe
  • RE: Data breach costs rise with criminal attacks

    Gee I wonder why.
    With the economy as it is, was wondering why there aren't more breaches.
    phatkat
  • RE: Data breach costs rise with criminal attacks

    "After five years of growth, the cost of data breaches is expected to retreat, according to Pokemon."
    Pokemon heh?
    Jimster480
  • RE: Data breach costs rise with criminal attacks

    This is a serious issue for businesses to keep in mind and remain on top of things. The risk of a security breach should be enough to entice businesses to invest in solutions that will keep their information protected. Here at Dydacomp we work with all our multichannel businesses on protecting the integrity of their customer data. A security breach can easily end up costing them more than taking precautionary measures to avoid it.

    Thanks for this!

    Molly Griffin
    Dydacomp
    http://www.Dydacomp.com
    Molly G @...