U.S. organizations continue to experience increased costs from data breaches, according to a recent study from the consulting firm Ponemon Institute. The average organizational cost of a data breach increased nearly 2 percent, from $6.65 million in 2008 to $6.75 million in 2009.
The average cost per compromised record per breach rose only $2, from 2008’s $202 to $204 in 2009, the Traverse City, Mich.-based company stated. Indirect cost accounts for $144 of the $204.
Forty-five companies agreed to participate in the study with the reported number of individual records breached ranging from 5,000 to more than 101,000 records from 15 different industry sectors. Healthcare companies made up 11 percent of the study’s sample and 2 percent made up the pharmaceutical industry's representation.
Expectations of trust and privacy drive higher data breach costs, the study concluded. Researchers found organizations in highly trusted industries such as healthcare and pharmaceutical were more likely to experience a data breach with high abnormal churn rates or turnover of customers. Healthcare companies experienced a cost of $294 per compromised record while the pharmaceutical industry experienced a $310 cost per compromised record.
According to the report, an abnormal churn rate resulting directly from a data breach incident appears to be the main driver of data breach costs. Healthcare and pharmaceuticals industries both experienced a 6 percent turnover rate following a data breach.
On the whole, 42 percent of the breaches occurred due to external causes with 36 percent of all cases in the 2009 study involving lost or stolen laptop computers or other mobile data-bearing devices.
Specifically, the cost of a data breach involving a lost or stolen laptop was $225 per record for the 2009 study.