According to a new study by PGP Corporation and Ponemon Institute, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared to $197 in 2007. The study is based on 43 organizations across 17 different industry sectors with a range of 4,200 to 113,000 records that were affected. It is also noted that since 2005, the cost component has grown by more than $64 on a per victim basis since—nearly a 40% increase.

Other key findings from the study include the following:

• Average total per-incident costs in 2008 were $6.65 million, compared to an average per-incident cost of $6.3 million in 2007.
• Healthcare and financial services companies experienced the highest churn rate—6.5 percent and 5.5 percent respectively, on a total average of 3.6 percent, which reflect the sensitivity of the data collected and the customer expectation that information will be protected.
• Third-party organizations accounted for more than 44 percent of all cases in the 2008 study and are also the most costly form of data breaches due to additional investigation and consulting fees.
• More than 84 percent of 2008 cases involved organizations that had had more than one data breach in 2008—meaning that companies are becoming more experienced in managing breaches over time.
• More than 88% of all cases in this year’s study involved insider negligence.
• More than half of respondents believe that training and awareness programs assist in preventing future breaches and 44 percent have expanded their use of encryption.
• The most significant cost decrease was seen in activities relating to post-breach response, which indicates that organizations are becoming more cost effective in managing data breaches.

The study has found that there is a positive correlation between the number of records lost and the cost of an incident. Companies analyzed were from 17 different industries, including financial, retail, healthcare, services, education, technology, manufacturing, transportation, consumer, hotels and leisure, entertainment, marketing, pharmaceutical, communications, research, energy and defense.