Tuesday, February 26, 2008
Study: Data Exposure Less Expensive than Previously Estimated
There's a new data point for organizations struggling to figure out what impact data exposure has on a business' bottom line. According to a study from the Ponemon Institute, described in this article, the average costs of an information security breach in the UK is about 47 pounds/record (about 103 dollars/record at current exchange rates). This is much less than the 197 dollars/record figure from a different Ponemon study from last year, which I described in this post. Why the discrepancy? My immediate thought is data underlying sets. The more recent study is focused on the UK, while the previous study was not. On the other hand, it's also possible that the previous study simply overestimated the costs of a breach. At this point, my guess is that the discrepancy is based on a combination of the two factors, but that the actual cost is closer to the lower number, a conclusion I draw in part because of the relatively low per record cost associated with massive breaches, something I wrote about here in the context of the TJX case.