Breach of Faith, Loss of Dollars

By Peter Piazza

When companies lose customer information via data breaches, they lose an average of $14 million. That’s calculated from the responses of 14 companies that have actually suffered data breaches and agreed to complete a survey by The Ponemon Institute, which researches privacy management practices.

The survey’s respondents range from the large to the small, as does the size of the breaches. For example, some 900,000 accounts were compromised at a financial services organization; one retailer’s breach exposed credit card records of 120,000 shoppers; and at a higher education organization, data on 2,450 students was compromised.

The study broke the $14 million figure into direct costs, such as unbudgeted spending on legal counsel and mail notification letters, which accounted for $5 million, or $15 per lost customer record; indirect costs of $1.5 million for lost employee productivity; and opportunity costs from losing existing customers and recruiting new ones, which cost some $7.5 million, or $75 per lost record.

A related survey by The Ponemon Institute found that consumers “reacted extremely negatively” to notifications of loss, with 19 percent severing their relationship with the company in question, and another 40 percent considering doing so. Only 14 percent of the 9,000 respondents said they were not concerned. The implications for the bottom line are clear.

The report—Lost Customer Information: What Does a Data Breach Cost Companies?—is available at SM Online.


