UK costs of data breach up 68pc in five years


21 Mar 2012

Employee negligence is behind 36pc of all data breaches, the cost of which has risen for the fifth consecutive year, a study by Symantec Corp and Ponemon Institute suggests.

The 2011 Annual Study: UK Cost of a Data Breach found that the average cost per capita of a data breach rose to stg£79 per record, which is an increase from stg£71 in 2010 and 68pc higher than stg£47 in 2007.

Despite a rise in cost per record, the study also shows that the actual organisational cost of a breach has decreased from stg£1.9m in 2010 to stg£1.75m in 2011, suggesting that businesses have made improvements in anticipating and responding to data breaches. 

Data breaches cost companies an average of stg£79 per compromised record – of which stg£37 pertains to indirect costs, such as lost business, reputational damage or churn of existing customers, according to the study.

“While Ponemon Institute takes into consideration the costs of the actual data loss related to records, in recent years there has also been an increased consciousness amongst businesses that valuable intellectual property and private communications can present a great source of risk to a company’s financial stability,” said Mike Jones, senior product marketing manager, Symantec.

Data security risks from workers

The biggest data security risk to organisations is their employees or contractors, who are responsible for more than a third (36pc) of all data breaches, the study reveals.

“In addition, the report shows a large proportion of data breaches are actually caused by individual negligence,” said Jones. “Businesses need to show they are aware of this and be seen to react in an appropriate way. They need to take protective measures to proactively monitor the level of control and the access to company data that they give to individual employees and prevent accidental or purposeful misuse.”

The report indicates that fewer records are being lost in breaches and businesses that do suffer data loss are less likely to be abandoned by customers, with the average abnormal churn decreasing from 3.3pc in 2010 to 2.9pc.

Yet, certain industries, such as financial services or pharmaceutical companies, remain more susceptible to customer churn, causing the cost of their data breaches to be higher than the average.

The study also showed that for those organisations with a chief information security officer who has overall responsibility for enterprise data protection, the average cost of a data breach can be reduced by as much as stg£18 per compromised record.