Overall, the average organizational cost for an individual data breach declined to $5.5 million in 2011 – from $7.2 million in 2010 – a 24% drop. The average cost per record lost declined to $194 from $214 over the same period, a 10% decrease.
According to the '2011 U.S. Cost of Data Breach Study', negligent insiders were the top cause of data breaches, while malicious attacks were 25% more costly than other types of attacks.
The study, which is sponsored by Symantec and carried out by the Ponemon Institute, was derived from a detailed analysis of 49 data breach cases with a range of 4,500 to 98,000 affected records.
The study found organizations that employed a chief information security officer (CISO) with enterprise-wide responsibility for data protection reduced the cost of a data breach by 35% per compromised record.
“One of the most interesting findings of the 2011 report was the correlation between an organization having a CISO on its executive team and reduced costs of a data breach”, said Larry Ponemon, chairman and founder of the Ponemon Institute. “As organizations of all sizes battle an uptick in both internal and external threats, it makes sense that having the proper security leadership in place can help address these challenges.”
According to the study, detection and escalation costs declined from approximately $460,000 in 2010 to $433,000 in 2011. These costs refer to activities that enable a company to detect the breach and whether it occurred in storage or in motion.
In this year’s study, organizations that had their first ever data breach spent on average $37 more per record than those that had previous data breaches. Those that responded and notified customers too quickly without a thorough assessment of the data breach also paid an average of $33 more per record. Data breaches caused by third parties or a lost or stolen device increased the cost by $26 and $22, respectively.
For the first time, fewer customers are abandoning companies that have a data breach. However, certain industries are more susceptible to customer churn, which causes their data breach costs to be higher than the average. Taking steps to keep customers loyal and repair any damage to reputation and brand can help reduce the cost of a data breach, the study found.