Volume 4, Number 45 -- December 12, 2007

The Costs of Data Breaches Continues to Rise, Says Ponemon

Published: December 12, 2007

by Dan Burger

There are 215 million stories in the naked city . . . and those are just the stories that have something to do with data breaches. That's the number, dating back to January 2005, established by the Privacy Rights Clearinghouse. If you find that surprising, wait until you hear about the financial loss attached to those breaches. According to the study released last week by the Ponemon Institute, data breach incidents cost companies $197 per compromised customer record in 2007. Here are some equally sobering statistics to think about:

  • The average per-incident costs were $6.3 million.
  • The cost of lost business increased by 30 percent to an average of $4.1 million.
  • Breaches by third-party organizations such as outsourcers, contractors, consultants, and business partners were reported by 40 percent of survey respondents.

Do you feel that knot in your stomach getting tighter?

As companies grapple with the challenge of protecting their customers' private data, the latest research by The Ponemon Institute shows the cost of failing to protect data is on the rise. Lost business opportunity, including losses associated with customer churn and acquisition, represented the most significant component of the cost increase.

"The data from 2007 suggests that although companies are responding to data breaches more efficiently, consumers seem to be less forgiving when their personal information is compromised," said Larry Ponemon, chairman and founder of The Ponemon Institute. "The bigger problem, however, remains the persistent underlying issue of data security. Of course, the easiest way for companies to avoid the costs associated with a data breach would be to avoid a breach in the first place."

Ponemon's annual Cost of a Data Breach study tracks a wide range of cost factors, including legal, investigative, and administrative expenses as well as customer defections, opportunity loss, reputation management, and costs associated with customer support such as information hotlines and credit-monitoring subscriptions.

So what measures are being put in place by companies that were crippled by a breach? The report lists the following technologies ranked according to popularity:

  1. Expanded use of encryption
  2. Data loss prevention solutions
  3. Identity and access management solutions
  4. Endpoint security controls
  5. Security event management solutions
  6. Perimeter controls

"Compliance requirements, new notification laws, and the growing list of breaches have made organizations aware they need a different approach to data security," said Phillip Dunkelberger, president and chief executive officer of PGP Corporation, one of two corporate sponsors of the study. "The 2007 Ponemon study shows that erecting another firewall doesn't work anymore because confidential data isn't just inside the company. A single product and a bunch of tactics aren't enough, either."

"The fact that more than a third of breaches result from data being shared with third parties in the normal course of business is a clear signal that organizations should examine how they are sharing their customers' data with outsourcers, vendors, and partners," said Steve Roop, vice president of products and marketing at Vontu, the other corporate sponsor of this survey.

The Cost of a Data Breach report was derived from the analysis of 35 data breach incidents. Some of those incidents involved as few as 4,000 records while others exceeded 125,000 records. The companies analyzed were from 16 industries, including communications, consumer goods, education, entertainment, financial services, gaming, health care, hospitality, Internet, manufacturing, marketing, media, retail, services, technology, and transportation. Copies of the study are available through PGP, Vontu, and The Ponemon Institute.

Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

The Windows Observer


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
