Ponemon Study Shows Data Breach Costs Continue to Rise

February 2, 2009

MENLO PARK, Calif. and TRAVERSE CITY, Mich., Feb. 2 /PRNewswire/ — PGP
Corporation, a global leader in enterprise data protection, and the Ponemon
Institute, a privacy and information management research firm, today announced
results of the fourth annual U.S. Cost of a Data Breach Study. According to
the study, which examined 43 organizations across 17 different industry
sectors, data breach incidents cost U.S. companies $202 per compromised
customer record in 2008, compared to $197 in 2007. Within that number, the
largest cost increase in 2008 concerns lost business created by abnormal
churn, meaning turnover of customers. Since the study’s inception in 2005,
this cost component has grown by more than $64 on a per victim basis, nearly a
40% increase.

The annual U.S. Cost of Data Breach Study tracks a wide range of cost
factors, including expensive outlays for detection, escalation, notification
and response along with legal, investigative and administrative expenses,
customer defections, opportunity loss, reputation management, and costs
associated with customer support such as information hotlines and credit
monitoring subscriptions.

Other key findings from the study include the following:

— Average total per-incident costs in 2008 were $6.65 million, compared
to an average per-incident cost of $6.3 million in 2007.

— Healthcare and financial services companies experienced the highest
churn rate — 6.5 percent and 5.5 percent respectively, on a total average of
3.6 percent, which reflects the sensitivity of the data collected and the
customer expectation that information will be protected.

— Third-party organizations accounted for more than 44 percent of all
cases in the 2008 study and are also the most costly form of data breaches due
to additional investigation and consulting fees.

— More than 84 percent of 2008 cases involved organizations that had had
more than one data breach in 2008 — meaning that companies are becoming more
experienced in managing breaches over time.

— More than 88% of all cases in this year’s study involved insider

— More than half of respondents believe that training and awareness
programs assist in preventing future breaches and 44 percent have expanded
their use of encryption.

— The most significant cost decrease was seen in activities relating to
post-breach response, which indicates that organizations are becoming more
cost effective in managing data breaches.

“After four years of conducting this study, one thing remains constant,
U.S. businesses continue to pay dearly for having a data breach,” said Dr.
Larry Ponemon, chairman and founder of the Ponemon Institute. “As costs only
continue to rise, companies must remain on guard or face losing valuable
customers in this unpredictable economy.”

The study, sponsored by PGP Corporation and independently conducted by the
Ponemon Institute, examines the financial consequences of data breaches
involving consumers’ personally identifiable information. The study uses
objective methods for quantifying specific activities that result in direct,
indirect and opportunity costs from the loss or theft of personal information,
thus requiring notification to breach victims as required by law or policy.

“In this current economic climate, U.S. businesses can’t afford to give
their customers any reason to go elsewhere,” said Phillip Dunkelberger,
president and CEO of PGP Corporation. “This study continues to show that the
results of a data breach can seriously wound a company’s bottom line and
reputation. This begs the question, when are organizations going to get
proactive about protecting their critical data.”

The U.S. Cost of a Data Breach Study was derived from a detailed analysis
of 43 data breach cases with a range of 4,200 to 113,000 records that were
affected. The study found that there is a positive correlation between the
number of records lost and the cost of an incident. Companies analyzed were
from 17 different industries, including financial, retail, healthcare,
services, education, technology, manufacturing, transportation, consumer,
hotels and leisure, entertainment, marketing, pharmaceutical, communications,
research, energy and defense. Copies of the study are available via this
weblink: http://www.encryptionreports.com

About the Ponemon Institute

The Ponemon Institute(C) is dedicated to advancing responsible information
and privacy management practices in business and government. To achieve this
objective, the Institute conducts independent research, educates leaders from
the private and public sectors and verifies the privacy and data protection
practices of organizations in a variety of industries.

About PGP Corporation

PGP Corporation is a global leader in email and data encryption software
for enterprise data protection. Based on a unified key management and policy
infrastructure, the PGP(R) Encryption Platform offers the broadest set of
integrated applications for enterprise data security. PGP(R) platform-enabled
applications allow organizations to meet current needs and expand as security
requirements evolve for email, laptops, desktops, instant messaging,
smartphones, network storage, file transfers, automated processes, and

PGP(R) solutions are used by more than 80,000 enterprises, businesses,
and governments worldwide, including 95 percent of the Fortune(R) 100, 75
percent of the Fortune(R) Global 100, 87 percent of the German DAX Index, and
51 percent of the U.K. FTSE 100 Index. As a result, PGP Corporation has earned
a global reputation for innovative, standards-based, and trusted solutions.
PGP solutions help protect confidential information, secure customer data,
achieve regulatory and audit compliance, and safeguard companies’ brands and
reputations. Contact PGP Corporation at http://www.pgp.com.

     Media Contacts for PGP Corporation:
     Christina Grenier
     PGP Corporation
     +1 650 543 3697

     Tom Rice
     Merritt Group
     +1 703 856 2218

     Media Contact for Ponemon Institute:
     Mike Spinney
     Ponemon Institute
     + 978 597 0342

Legal Notice Regarding Forward-Looking Statements

Some of the statements in this press release are forward-looking,
including statements regarding the availability, plans, delivery, goals,
development, expected features, expected benefits and competitive position of
PGP products implementing or leveraging the PGP technologies. All references
made to product feature enhancements, improvements in Platform support or
additional functionality are subject to change at PGP Corporation’s sole
discretion. All future descriptions of PGP technology and products are subject
to availability only if PGP Corporation decides to build them and when PGP
Corporation decides to make them commercially available. Actual results could
differ materially from those expressed in any forward-looking statements.
Risks and uncertainties that PGP Corporation faces that could cause results to
differ materially include risks associated with any unforeseen technical
difficulties or software errors related to the final development and launch of
any of PGP Corporation’s products; any technological, regulatory, or standards
changes in the security, encryption and authentications market which could
make PGP Corporation’s products less competitive or require feature changes in
these products; any slowdown in the adoption by businesses of encryption
suites, secure email, Internet technologies or related standard. The forward-
looking statements contained in this release are made as of the date hereof,
and PGP Corporation does not assume any obligation to update such statements
nor the reasons why actual results could differ materially from those
projected in such statements.

PGP and the PGP logo are registered trademarks of PGP Corporation. Product
and brand names used in the document may be trademarks or registered
trademarks of their respective owners. Any such trademarks or registered
trademarks are the sole property of their respective owners.

SOURCE PGP Corporation

Source: newswire
