• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

Ponemon Study Reveals Each Lost Customer Record Costs UK Firms 60 pounds Sterling

Posted on: Wednesday, 4 February 2009, 02:00 CST

Cost of a data breach up 28% on 2007; loss of business is main contributor to costs

LONDON and TRAVERSE CITY, Mich., Feb. 4 /PRNewswire/ -- Privacy and information management research firm Ponemon Institute and PGP Corporation, a global leader in enterprise data protection, today announced the results of the second annual study into the costs incurred by UK businesses after experiencing a data breach. The "2008 Annual Study: UK Cost of a Data Breach," undertaken by the Ponemon Institute and sponsored by PGP Corporation Research found that the average total cost per incident had risen to 1.7 million pounds in 2008, up from last year's figure of 1.4 million pounds. On average, each lost customer record costs firms 60 pounds, a 28% increase on 2007's figure of 47 pounds. For the second year running, lost business due to reduced consumer trust was the main contributor to overall data breach costs.

The report focuses on the cost of activities resulting from actual data loss incidents, as well as identifying the most frequent causes and likely technology responses to a data breach. The magnitude of breach events included in the survey ranged from 4,100 to more than 92,000 records compromised, from 30 UK businesses spanning ten different industry sectors.

The key findings in the report are as follows:

• The total cost of a data breach ranged from 160k pounds to 4.8 million pounds, with an average cost of 60 pounds per customer record - a 28% increase on 2007's figure of 47 pounds per record
• 53% of reported costs were due to lost business, suggesting that the UK public cares deeply about the loss or theft of their personal information
• 70% of all cases in this year's study involved insider negligence, emphasising that more needs to be done to educate staff on the importance of safeguarding information. Only 30% of incidents involved malicious acts
• 33% of data breach cases in 2008's study resulted from third-party errors. Data breaches involving outsourced data to third parties are the most costly - 67 pounds per victim, as opposed to just 56 pounds per victim when third parties were not involved
• Costs associated with detection, escalation, and ex-post response (i.e. communication from the customer after a breach) have decreased slightly in 2008, suggesting that businesses are improving their processes to uncover, manage and communicate data breaches

Survey respondents identified encryption and identity and access management solutions as the top two technology responses following a data breach. Control practices and training and awareness programmes were cited as the top two manual processes. This suggests that UK organisations understand that an enterprise data protection strategy that is supported and understood by all employees must be implemented to properly safeguard information.

"In just the second year of this UK study, research proves, UK businesses continue to pay dearly for having a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy."

The study, sponsored by PGP Corporation and independently conducted by the Ponemon Institute, examines the financial consequences of data breaches involving consumers' personally identifiable information. The study uses objective methods for quantifying specific activities that result in direct, indirect and opportunity costs from the loss or theft of personal information, thus requiring notification to breach victims as required by law or policy.

"2008 saw no slow down to the stream of data breaches started in 2007 - if anything they've gotten bigger and more costly," said Phil Dunkelberger, president and CEO of PGP Corporation. "In this current climate, organisations are taking desperate measures to preserve their reputation and retain customers; this study shows they simply cannot afford to lose out to competitors as a result of poor data security."

A copy of the "2008 Annual Study: UK Cost of a Data Breach" may be obtained from PGP Corporation via this weblink: www.encryptionreports.com

About PGP Corporation

PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP(R) Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP(R) platform-enabled applications allow organisations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

PGP(R) solutions are used by more than 100,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune 100, 75 percent of the Fortune Global 100, 87 percent of the German DAX Index, and 51 percent of the UK FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at www.pgp.com

Analyst and Media Contacts for PGP Corporation: Jacqui Depares / Richard Scarlett Johnson King +44 (0) 20 7401 7968 pgpteam@johnsonking.co.uk Media Contact for Ponemon Institute: Mike Spinney Ponemon Institute + 1 978 597 0342 mspinney@ponemon.org

Legal Notice Regarding Forward-Looking Statements

Some of the statements in this press release are forward-looking, including statements regarding the availability, plans, delivery, goals, development, expected features, expected benefits and competitive position of PGP products implementing or leveraging the PGP technologies. All references made to product feature enhancements, improvements in Platform support or additional functionality are subject to change at PGP Corporation's sole discretion. All future descriptions of PGP technology and products are subject to availability only if PGP Corporation decides to build them and when PGP Corporation decides to make them commercially available. Actual results could differ materially from those expressed in any forward-looking statements. Risks and uncertainties that PGP Corporation faces that could cause results to differ materially include risks associated with any unforeseen technical difficulties or software errors related to the final development and launch of any of PGP Corporation's products; any technological, regulatory, or standards changes in the security, encryption and authentications market which could make PGP Corporation's products less competitive or require feature changes in these products; any slowdown in the adoption by businesses of encryption suites, secure email, Internet technologies or related standard. The forward-looking statements contained in this release are made as of the date hereof, and PGP Corporation does not assume any obligation to update such statements nor the reasons why actual results could differ materially from those projected in such statements.

PGP and the PGP logo are registered trademarks of PGP Corporation. Product and brand names used in the document may be trademarks or registered trademarks of their respective owners. Any such trademarks or registered trademarks are the sole property of their respective owners.

SOURCE PGP Corporation

Source: PR Newswire

More News in this Category