E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: eWeek.com

Posted on February 2, 2010

Acting too quickly after a data breach can cost companies even more money, the Ponemon Institute reports.

Data breaches are not getting any cheaper to deal with, and companies that jump the gun on notifications can end up paying the most.

In its fifth annual study on data breaches, the Ponemon Institute discovered that about 36 percent of participants notified their breach victims within one month, but ended up paying $219 per compromised record as opposed to the $196 paid by others. According to the study, a reason for this may be that companies moved too quickly through the process of detection, notification and related activities, and made costly mistakes along the way.

"Panicking and making decisions before all the facts are accurately determined may result in extending credit services to individuals who may not have been affected in any way that would put their credit at risk, for example," noted Mike Spinney, senior privacy analyst with Ponemon. "Initial assessments may have indicated 100,000 folks, but in reality only 50,000 were on the missing disk ... that kind of thing can result in wasted money and effort in making notice."

Overall, the report found the average cost of a breach in 2009 rose to $204 per compromised record,up from $202 in 2008. The PGP-commissioned study also found that the average organizational cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009.

According to the report, the biggest driver of data breach costs is the loss of existing and future customers, which is referred to as the "abnormal churn rate." The industries with the highest churn rates - all standing at 6 percent - were pharmaceuticals, communications and health care. The financial services industry had a churn rate of 5 percent. Overall, the average abnormal churn rate across all industries stood at 3.7 percent in 2009, 0.1 percent higher than in 2008.

"Customers are increasingly aware of and expecting a secure level of protection and privacy for the data they entrust to businesses," PGP CEO Phillip Dunkelberger said in a statement. "Our study with the Ponemon Institute continues to demonstrate that companies whose data is not protected are not only facing expensive direct costs from cleaning up a data breach, but also a loss in customer confidence that has long-lasting ramifications."

While breaches caused by negligent insiders decreased, the portion caused by malicious criminal attacks and botnets rose to 24 percent in this year's study-double the percentage from 2008. The cost of falling victim to such an attack, $215 per record, is roughly 40 percent higher than the cost of a breach involving a negligent insider, the study found.

Meanwhile, businesses seem to be investing more heavily in technology to deal with the problem. Use of encryption (58 percent), identity and access management (49 percent), and data loss prevention products (42 percent) all increased among study participants.

"Any effective data security strategy requires a balance of technology, awareness and education as it relates to a company's policies and procedures," Spinney told eWEEK. "I believe the increase in breaches due to malicious attacks reveals an improvement in an organization's ability to detect such attacks, but it does not necessarily suggest that individuals are more vigilant. Awareness is an ongoing effort and one of the least costly components of an effective data security strategy."

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.