Average data breach costs Australian companies $128 for each record lost: Report

New research from Symantec and the Ponemon Institute has found the average cost of each record of data lost in a security breach is about $128, up by 4% since 2009, with experts warning the result should prompt small businesses to start taking initiatives on digital security.

The revelation also comes as entertainment giant Sony is continuing to feel the financial pain of three successive hacking attempts which took down its online network, with some analysts suggesting the company could take a multi-million dollar hit.

The new study has found the average cost of “significant” data breaches reported by 19 Australian companies was $2 million in 2010. The size of these specific incidents ranged from the breach of 3,200 to 65,000 individual records.

But the average cost of each record lost was found to be $128 – up 4% from last year. Experts such as IDC research manager of IT Marina Beale say this figure will only rise over time.

“The data breach aspect is not going to get any better. It’s going to get worse with all new types of cloud-based models companies are using now, so leak stress will be even greater,” she says.

“There are so many things businesses need to take into account with breaches, including how the breach affects your brand, the ability to continue trading and the cost of recovery.”

Certainly the prevalence of such breaches is growing month to month. Of course Sony is the most recent example – and one of the most significant in several years – but smaller companies such as cosmetics retailer Lush are feeling the pain of data breaches.

The company was even forced to update its websites telling customers their credit card data was likely breached by hackers.

The Symantec study points out the costs incurred by these companies aren’t just related to the loss of data; they need to find money to deal with other issues as well. This also results in employees not focusing on their core business activities, meaning a drop in productivity.

For instance, it found companies are focusing more on detecting breaches and rebuilding reputations with customers, and less on actually responding to the effects of the breaches themselves.

“The expense of detection and escalation has now surpassed the cost of lost business,” the survey said, although respondents only spent 4% on breach-related costs such as notifying customers.

The cost of each individual data record lost changes from company to company as well. The survey found breaches cost “first time” companies about $119 per record, with that number increasing with each successive breach.

Beale says the costs of cleaning up breaches aren’t just related to security. “There are many significant costs here. Breaches affect your ability to trade, the cost of recovery is an issue, and there are all sorts of legal costs to take into consideration as well.”

Ovum analyst Craig Skinner says the $128 figure is just an initial number – the customer will encounter costs the business won’t even know about.

“This doesn’t include the costs they must endure, such as replacing credit cards, and so on. The company doesn’t feel that,” he says.

Of course, the company will feel it if the customer decides to sue – Sony is facing over two dozen class action lawsuits.

Skinner says the report and recent incidents of customer data breaches are sobering. SMEs need to ensure data protection is part of their eCommerce or online infrastructure as soon as possible, and not treated as an afterthought.

“Certainly whether the business has records online, they need to start making use of the security they have available and build that in to the company from the start.”

“There are a range of different strategies they can use. They need to ask themselves, who can access that data? Is it encrypted? Who in the company has access to this? Do they have all the documents in separate places?”

Skinner says businesses which don’t worry about these sorts of issues “will leave themselves open… and if they’re burned once customers will see them as being less reliable”.