Six years ago, The Ponemon Institute conducted its first “Cost of a Data Breach” study in the United States. Since then, the independent research firm has expanded into the United Kingdom, Germany, France and Australia. This most recent study focuses on actual data breach experiences of 51 U.S. companies from 15 different industry sectors.
The results of Ponemon’s 2010 study, which were released this month, find that:
- For the first time, malicious or criminal attacks are the most expensive cause of data breaches and not the least common one
- Organizations are more proactively protecting themselves from malicious attacks
- Companies’ investments in finding and remediating data breaches may be paying off
- For the third straight year, direct costs accounted for a larger proportion of overall data breach costs
Other important findings include: more organizations favor rapid response to data breaches, and that is costing them greatly; for the fifth year in a row, data breach costs have continued to rise (the average cost of a data breach in 2010 increased to $7.2million, up 7% from $6.8million in 2009); breaches by third-party outsourcers are becoming slightly less common but much more expensive; more companies had better-than-average security postures, and those organizations enjoyed much lower data breach costs.
The report points to popular and effective technologies that are currently available to secure data both within an organization and among business partners.
They include:
- Encryption (including whole disk encryption and for mobile devices/smartphones)
- Data loss prevention (DLP) solutions
- Identity and access management solutions
- Endpoint security solutions and other anti-malware tools