Cyber Liability Insurance: Cost of a Data Breach

In an annual study, the 2010 Annual Study: U.S. Cost of a Data Breach, released by Ponemon Institute revealed that data breaches grew more costly for the fifth year in a row. Cyber liability is something most businesses don’t think twice about. As technology advances we will be at a higher state of risk and new exposures, such as identity theft and data breaches.

How is a company affected by a data breach? The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009. One trend also discovered through this story is for the second straight year organizations’ need to respond rapidly to data breaches drove the associated costs higher.

Major findings from the study:

  • Data breach costs have continued to rise. The average organizational cost of a data breach this year increased to $7.2 million, up seven percent from $6.8 million in 2009. Total breach costs have grown every year since 2006. Data breaches in 2010 cost companies an average of $214 per compromised record, up $10 (5 percent) from last year.
  • Negligence remains the most common threat. The number of breaches caused by negligence edged up one point to 41 percent and averaged $196 per record, up 27 percent from 2009. This steady trend reflects the ongoing challenge of ensuring employee and partner compliance with security policies.
  • Malicious or criminal attacks are the most expensive and are on the rise. In this year’s study, 31 percent of all cases involved a malicious or criminal act, up seven points from 2009, and averaged $318 per record, up 43 percent from 2009.
  • Rapid response to data breaches is costing companies 54 percent more per record than companies that moved more slowly. Forty-three percent of companies notified victims within one month of discovering the breach, up seven points from 2009. In 2010, these quick responders had a per-record cost of $268, up 22 percent from 2009; companies that took longer paid $174 per record, down 11 percent.
  • Encryption and other technologies are gaining ground as post-breach remedies, but training and awareness programs remain the most popular. Sixty-three percent of respondents use training and awareness programs after data breaches, down four points from 2009. Encryption is the second most implemented preventive measure as a result of a data breach, with 61 percent. Both encryption and data loss prevention (DLP) solutions have increased 17 percent since 2008.
  • Negligence remains the most common threat. The number of breaches caused by negligence edged up one point to 41 percent and averaged $196 per record, up 27 percent from 2009. This steady trend reflects the ongoing challenge of ensuring employee and partner compliance with security policies.
  • Companies are more vigilant about preventing system failures. System failure dropped nine points to 27 percent in 2010. This trend indicates organizations may be more conscientious in ensuring their systems can prevent and mitigate breaches through new security technologies and compliance with security policies and regulations.

The U.S. Cost of a Data Breach Study was derived from a detailed analysis of 51 data breach cases with a range of nearly 4,200 to 105,000 affected records. The study found there is a positive correlation between the number of records lost and the cost of an incident. Companies analyzed were from 15 different industries, including finance, retail, healthcare, services, education, technology, manufacturing, research, transportation, consumer, hotels and leisure, media, pharmaceutical, communications and energy.

At the Byrnes Agency, we sit down with our clients throughout the Connecticut area to evaluate how great their exposures are to cyber risk and how best to protect and reduce these exposures. Whether you’re a retail operation, restaurant, a hotel/motel, a non-profit, municipality, etc., or provide a professional service, you need to evaluate your liability exposures to cyber threats. No business or operation that uses a computer to conduct transactions and store information is immune from the dangers of data breach, identity fraud, missing or lost tapes, and all types of threats to corporate security.

Cyber issues can happen at any time, so don’t leave your Connecticut business needlessly exposed. For more information, call us at any of our three locations below.

Dayville Office – 860-774-8549
Norwich Office – 860-886-5498
Woodstock Office – 860-928-7928

Please follow and like us: