Data Breach Cost Declines for 2nd Year


While there are still significant challenges to overcome, there is good news in the battle against data breaches.

According to the 2013 Cost of Data Breach Study from Symantec and the Ponemon Institute, the cost of a data breach in the United States declined to $188 per record. This is the second year in a row that Ponemon saw a drop. In the 2012 study, it reported the cost of a data breach was $194 per record, which was a decline from the $214 per record reported in 2011.

According to Symantec, the declining cost of a data breach in the U.S. provides proof that some security investments are paying off.

"We're starting to see a return on investment for people being prepared to deal with a data breach," Robert Hamilton, director of product marketing at Symantec, told eSecurity Planet. "I would expect that we will start to see a slow and steady decline in the cost-per-record lost."

Larry Ponemon, author of the report and head of the Ponemon Institute, explained to eSecurity Planet that it's important to understand the components that drive up data breach costs. One such component is the cost of customer churn, which Ponemon found decreased 13 percent in the latest study. However, the decline in customer churn might be attributed in part to an increase in data breaches.

"As individuals get more notifications, they get used to them," Ponemon said. "So after a while, you are just immune to the notification, because you haven't really suffered."

So after receiving a first data breach notice, a customer might worry he or she will become an identity theft victim. By the third notification, however, customers are likely to simply not worry as much.

Data Breach Causes

In terms of why data breaches are occurring in the first place, the study reported that 35 percent are the result of negligence. Glitches represent 29 percent, and malicious activity represents 37 percent.

While malicious activity is not responsible for the majority of data breaches, Ponemon stressed that it is the dominant reason for increased cost. Data breaches from malicious activity cost $277, while system glitches cost $174 and negligence only costs $159 per lost record.

One of the most common ways an attacker can breach data is by way of weak user passwords. While some might categorize a weak user password as negligence, Ponemon explained that if an attacker makes use of the weak password, the Ponemon Institute categorizes it as malicious activity.

Sean Michael Kerner is a senior editor at Enterprise Networking Planet and Follow him on Twitter @TechJournalist.