Enterprising Developments

The Cost of a Data Breach Versus the Cost of More Security

Joe McKendrick
Insurance Experts' Forum, July 2, 2013

The cost of a data breach keeps creeping upward. A new study from Ponemon Institute and Symantec calculates that the average cost is $136 per affected record — up from $130 in last year's survey. However, this is the international average — the cost is $188 within the United States.

The number of breached records per incident this year ranged from 2,300 records to more than 99,000 records, Ponemon states. This year, the average per incident settled somewhere around 23,647. Therefore, it can be surmised that the average cost of a security incident for a U.S. company was more than $4.4 million. Compare this with the cost of investing in security software and training.

Ponemon bases its estimates on a range of factors, including direct, indirect and opportunity costs stemming from activities required to detect a breach, activities necessary to report the breach of protected information to appropriate personnel within a specified time period, and activities that enable the company to notify data subjects with a letter, outbound telephone call, e-mail or general notice that personal information was lost or stolen.

The report also takes note that “lost business costs were stable (such costs include customer churn, customer acquisition activities, and brand reputation loss). In many organizations — especially in heavily regulated industries such as healthcare and financial services — lost business costs represented the largest financial consequence of a data breach.”

A total of 277 organizations were studied for the report.

The Ponemon-Symantec report makes the following recommendations for getting a better grip on potential security costs:

• Educate employees and train them on how to handle confidential information.

• Use data loss prevention technology to find sensitive data and protect it from leaving your organization.

• Deploy encryption and strong authentication solutions.

• Prepare an incident response plan including proper steps for customer notification.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The Software-Defined Health Insurer: Radical But Realistic?

Can a tech startup digitally assemble the pieces of a comprehensive, employer-provided health plan?

Data Governance in Insurance Carriers

As the insurance industry moves into a more data-centric world, data governance becomes more critical for ensuring the data is consistent, reliable and usable for analysis.

Fear This

Just days before this Issue, which contains our security cover story, went to press, we got some interesting news: 1.2 billion unique usernames and passwords and 542 million email addresses were reportedly stolen from 420,000 websites, according to The New York Times. The websites ranged from Fortune 500 companies down to small online retailers.

Should You Back Up Enterprise Data to the Cloud?

Six questions that need to be asked before signing on with an outside service.

Modernizing Information Management

While better reporting and actuarial analysis help to support financial decisions, improved analytics and decision making greatly assist the rest of the organization.

Strategic Planning: Here and Now

Insurers’ annual strategic planning efforts can benefit from an infusion of tactical reality.

Advertisement

Advertisement