Home / News

Data Breach Costs Continue to Rise, 40% Increase Since 2005

According to a new study by PGP Corporation and Ponemon Institute, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared to $197 in 2007. The study is based on 43 organizations across 17 different industry sectors with a range of 4,200 to 113,000 records that were affected. It is also noted that since 2005, the cost component has grown by more than $64 on a per victim basis since—nearly a 40% increase.

Other key findings from the study include the following:

  • Average total per-incident costs in 2008 were $6.65 million, compared to an average per-incident cost of $6.3 million in 2007.
  • Healthcare and financial services companies experienced the highest churn rate—6.5 percent and 5.5 percent respectively, on a total average of 3.6 percent, which reflect the sensitivity of the data collected and the customer expectation that information will be protected.
  • Third-party organizations accounted for more than 44 percent of all cases in the 2008 study and are also the most costly form of data breaches due to additional investigation and consulting fees.
  • More than 84 percent of 2008 cases involved organizations that had had more than one data breach in 2008—meaning that companies are becoming more experienced in managing breaches over time.
  • More than 88% of all cases in this year’s study involved insider negligence.
  • More than half of respondents believe that training and awareness programs assist in preventing future breaches and 44 percent have expanded their use of encryption.
  • The most significant cost decrease was seen in activities relating to post-breach response, which indicates that organizations are becoming more cost effective in managing data breaches.

The study has found that there is a positive correlation between the number of records lost and the cost of an incident. Companies analyzed were from 17 different industries, including financial, retail, healthcare, services, education, technology, manufacturing, transportation, consumer, hotels and leisure, entertainment, marketing, pharmaceutical, communications, research, energy and defense.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix


Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign

Domain Names

Sponsored byVerisign