According to the latest Ponemon COB report, data breach attacks have doubled this past year while the average cost of a data breach has increased to $204 per compromised record. The Ponemon Institute looked at several variables when determining this $204 number, including: lost business; legal fees; disclosure expenses; consulting help, including forensics; and remediation expenses such as improved technology and training. Page 16 of the report indicates that lost business is the most significant component of this number – representing $135 of the $204 amount. In other words, those firms disclosing to the Ponemon Institute information regarding their breach have had a signficant documented loss of business. In addition to providing this valuable insight regarding brand damage caused by a breach, the report is also instructive given it offers information regarding the causes of 2009 breaches.
According to this Ponemon Insitute report, data breaches generally have three primary causes: third party negligence; malicious attacks such as coordinated botnet attacks; and negligent insider behavior. In fact, the Ponemon Institute points out that 42 percent of all cases in the study involved third-party negligence. Although this overall number (as well information in the report) is based on information provided by only 45 businesses willing to speak in detail with the Ponemon Institute, the number should not be taken lightly – especially since it is not that far off from numerous other studies and surveys done over the years.
The two lessons here – breaches lead to lost business and third-party negligence is a signficant cause of breaches – actually have more to do with marketing then with risk management. In a prolonged down economy, small and middle market companies need to differentiate by showcasing their network security and privacy strengths. Instead of shying away from the efforts needed to improve your network risk profile, embrace the endeavor by realizing it will only be a matter of time before you are required to do what you are voluntarily doing now. As with most corporate best practices, being one step ahead of your competition when it comes to network security and privacy can turn into a significant marketing advantage. Depending on your business goals and what you do to generate revenue, this advantage can easily turn into a sustained competitive edge.