UK Data Breach Cost Drops To £1.75 Million

Thomas Brewster,

Ponemon research shows businesses are getting better at preparing for breaches

The overall cost of a data breach in the UK declined in 2011, according to a report, marking a rare upbeat moment in a world rife with security scare stories.

Ponemon Institute’s research of 36 participating organisations, commissioned by security giant Symantec, discovered the average cost per lost or stolen record went up from £71 to £79 in 2011. From 2007 to 2011, the cost has risen 68 percent.

Businesses getting better

However, the average overall organisational cost has declined from £1.9 million per breach in 2010 to £1.75 million, indicating companies are better prepared for security events. This marks an eight percent fall and is close to returning to the 2008 figure of £1.73 million. The cost of reporting a breach also dropped from £170,000 to £140,000.

“The fact that the overall organisational costs have decreased from £1.9 million to £1.75 million indicates that organisations are improving their performance in preparing and responding to data breaches,” Mike Jones, senior product marketing manager at Symantec, told TWE.

“At a time when businesses in the UK remain economically cautious, data and IP protection is critical, not only if a business wants to remain competitive, but also if they want to avoid potentially large fines as a result of not complying with data regulation.”

The ICO fines appear to be making an impact too, according to Jones. “Most CISOs are aware of the fine from the ICO and appreciate it’s a disincentive and a strong deterrent,” he added. “But they also recognise that these fines are part of a bigger picture. The cost of a data breach itself can be debilitating for an organisation – not to mention the loss of reputation and the impact a breach can have on the  brand.”

Employee or partner blunders were behind 36 percent of breaches, although criminal attacks have increased, accounting for 31 percent of data loss. Malicious attacks caused the most financial damage too, with a cost of £90 per record stolen. For a system glitch the figure went down to £62.

Data breach cost reports have been reviewed with derision in the past, as some inflate the figure. Yet Ponemon’s survey looks at real direct costs, as well as indirect costs. The latter includes expenses on in-house investigations, as well as “the extrapolated value of customer loss resulting from turnover or diminished acquisition rates”.

How much do you know about security? Test your skills with our quiz.