Cost Of Data Loss
Quantifying the cost of data loss can be quite difficult, and the many studies done all return different amounts. Most of these studies have been conducted outside of Ireland, but they can be used as a good reference point at this time.
A study in 2007 by Forrester Research of 28 companies that had a data breach showed that the cost is between $90 and $305 per lost record. The analyst Khalid Kark said that "calculating the cost of a breach is murky territory" and that he did the survey to shed some light on the costs associated with breaches.
Kark reported that discovery, response, and notification costs can be substantial. He averaged them out to be about $50 per lost record.
Another study by the Ponemon Institute, sponsored by Intel, reported that the average cost of a lost laptop was $49,246. It found that while hardware costs ranged only from $913 to $2,500 among the 138 cases it examined, the total estimated expense -- after factoring in lost data -- ranged from $1,213 to $975,527. One particular case estimated the cost of the records stolen at $973,400, which, plus the cost of the hardware, brought it to $975,527 – the highest in the range.
Although each company probably had a different methodology for calculating the cost of the lost data, the average still came out at $49,246 – an expensive laptop to lose in any business.
The report also recommended that laptops be encrypted, as this reduces the average cost of a loss by almost $20,000. Ponemon explained that while encryption won't thwart all thieves, it will deter many of them.
The final study that I will reference is another one by the Ponemon Institute, based on information provided by 21 UK companies that had suffered security breaches in 2007.
The main points to take from the study are:
- Losses ranged from 2,500 records to 125,000
- Estimated cost of recovering from the loss, including lost business, ranged from £85,000 to £3.8 million
- The £47 average cost per record consisted of £15 for detection and escalation; £15 for post-breach measures; and £17 on lost business and increased cost of customer acquisition. Just £1 per record was spent on notifying those involved, which tends to imply that companies did not always notify those affected.
- On average, 36% of the cost of a breach resulted from a loss of business – in other words, customers taking their business elsewhere.
- Although organisations spend much effort and money on warding off hackers, malicious code and malicious insiders, the figures show that carelessness and incompetence are much more significant factors. For instance, 36% of breaches resulted from laptops and other mobile devices going missing or being stolen. The second most significant cause (at 24%) was the loss of paper records.
- By contrast, hackers, malicious insiders and malware accounted for just 12% of all incidents.
- 38% of breaches were caused by third parties – such as consultants, business partners and outsourcing companies – losing their clients' information.
As these studies show, it is difficult to quantify the cost of losing data and put a definitive figure on how much a single lost record will cost a company. However, the estimates at the lower end (£47 to $50 or €52 to €34) can lead to quite substantial costs very quickly if the number of records lost is in the thousands.
When attempting to calculate the costs to your company of data loss, consider the following factors:
- Legal fees
- Cost of notifying customers/clients
- Fines and penalties imposed by the Data Protection Commissioner
- Call centre costs to deal with customer concerns
- Credit monitoring of customer bank accounts in the case of lost financial information
- PR costs
- Loss of existing customer base as some customers will move companies
- Loss of potential customers who will avoid the company because of the data loss
- Lost employee productivity: time spent on issues relating to data loss instead of normal work
- Hiring of external contractors/specialists
- Special offers to customers who have had their information stolen