Data breaches: Loss of business biggest cost

Almost half of data breach costs paid for in loss of business...

Almost half of data breach costs paid for in loss of business...

Organisations that suffer data breaches pay heavily in lost business, according to the Ponemon Institute.

A study by the institute found that almost half the costs associated with a breach can be attributed to loss of business, which accounts for 48 per cent of the £1.9m average cost of each incident.

Loss of business is calculated by the Ponemon Institute to include the loss of existing and future customers, as well as a change in behaviour from current clients.

Nearly 50 per cent of the cost of a data breach occurs in the long term as customers alter their behaviour towards the business or organisation

Nearly 50 per cent of the cost of a data breach occurs in the long term as customers alter their behaviourPhoto: Shutterstock

Larry Ponemon, founder and chairman of the Ponemon Institute, told that these losses are likely to be felt over the lifetime of a customer's interaction with the business.

"A few customers will actually leave but for many their behaviour might change," explained Ponemon. "Say it's a building society, you may not stop banking with them but you may find an organisation that you trust more where you carry out, for example, online banking. You tend to lose a large chunk of that person's revenue over the lifetime of that customer."

There is also an impact on future business. "There is a period of time where it also costs businesses more to acquire each new customer," Ponemon said.

He added that only about 50 per cent of the costs associated with data breaches are directly felt. "Direct costs can include anything from, 'We know we irritated our customers so we'll give them a gift card' to employing a consultant to solve issues associated with the data breach."

Ponemon also said different types of organisations face different associated costs, especially where one organisation relies on trust more than another.

"Data breach is a bigger deal for organisations that rely on trust, such as financial organisations than, say, retail organisations. A retail organisation may lose your credit card details but...

...would not face the same rate of churn as a bank would."

Costs are also experienced by public sector organisations that suffer data breaches. "If you're a government organisation, churn doesn't have the same meaning but can still have a cost. For instance, if you were starting to use self-service features for paying tax or a parking ticket, a fear of your data being lost may make you go back to not using the self-service option, which has a cost for government organisations," Ponemon added.

System failure was reported as the biggest cause of data breach, resulting in 37 per cent of all cases. System failure overtook negligence, which caused 34 per cent of cases in 2010, 11 per cent less than in 2009.

Data breach caused by malicious or criminal attacks rose by five per cent to 29 per cent of all cases. The report also found that the cost of data breaches caused by malicious attacks was greater than any other kind of data breach.

A separate security report released by Cisco earlier this year showed that cybercriminals are increasingly turning away from PCs to the softer targets provided by mobile devices such as smartphones and tablets.

However, the Ponemon report suggests businesses are taking steps to prevent malicious attacks occurring through mobile devices, with 64 per cent of businesses stating that mobile device encryption was either very important or important.