Study reveals the true cost of a data breach in the UK

Research by the Ponemon Institute found that the average total cost per incident was more than £1.4 million. The “2007 Annual Study: UK Cost of a Data Breach” also reveals that the financial impact of lost business due to reduced consumer trust was the most significant component of data breach costs. This first-annual UK study was sponsored by PGP Corporation and Symantec.

The report released today focuses on the cost of activities resulting from actual data loss incidents as well as identifying the most frequent causes and likely technology responses to a data breach. Breaches included in the survey ranged from 2,500 to more than 125,000 records from 21 UK businesses spanning eight different industry sectors. Among the key findings:

• The average total cost of a data breach ranged from £84,000 to almost £3.8 million, with an average of £47 per record compromised
• 36 percent of reported costs were due to lost business, with an abnormal customer churn rate (higher than average) of 2.5 percent after a breach
• The cost of a data breach for financial services organisations was more than 17 percent higher than average, at £55 per record compromised
• 38 percent of respondents reported breaches by third-party organisations, such as outsourcers, consultants and business partners, at a significantly higher cost per record compromised and
• – 36 percent of data breaches resulted from lost and stolen laptops or other mobile devices.

  Survey respondents identified encryption and data loss prevention solutions as the top two technology responses following a data breach, indicating that UK organisations increasingly understand the benefits of deploying enterprise data protection to defend data against future breaches.