The average cost per compromised record reached $128, up $5 (4%) from 2009, according to the 2010 Annual Study: Australian Cost of a Data Breach, which surveyed 19 Australian companies.
The most expensive data breach included in the 2010 study cost a company $4.2 million to resolve, up $201,000 (5%) from 2009. The least expensive data breach was $369,000, down $41,000 (10%) from 2009. Breach size in 2010 ranged from 3,200 to 65,000 lost or stolen records, with larger breaches remaining a more serious threat than smaller breaches.
In 2010, direct costs accounted on average for $52 (41%) of the total average cost per record, down $4 (7%) from 2009, when direct costs were $56 (45%) of the total. Indirect costs in 2010 were $76 (59%) of the total, up $9 (13%) from 2009. Among specific cost activities, organizations continued to spend the most on investigations and forensics (27%, up 1 point from 2009) and lost customer business (22%, unchanged from last year).
In addition, the head of Symantec’s Australian unit, Craig Scroggie revealed that his personal credit card details were leaked by an unidentified Melbourne restaurant, according to a roundtable covered by the Sydney Morning Herald.
Scroggie’s credit card information was leaked along with other restaurant members, when the restaurant emailed out its unencrypted client database to members instead of the summer menu.
According to the newspaper, Scroggie found out about the breach only after a follow-up email was sent informing him of the incident. He deleted the initial email received - which included his and other members' unencrypted credit card details, emails and names - because he did not want to read the menu. After being informed of the mistake, he recovered it to see what details were leaked.
Scroggie telephoned the restaurant to ask about the incident. He said staff were "very, very embarrassed" and blamed a third party who managed their menu subscriber email database. The Symantec official recommended that the restaurant contact the federal Privacy Commissioner and offered one of Symantec's staff to help recover from the breach, the newspaper reported.