The average cost of a data breach is £47 ($94) per compromised record, according to a pathbreaking survey from the Ponemon Institute.
For security blunders in the financial services sector, that cost rises to £55 per compromised record.
Lost or stolen laptops and mobile devices account for most data breaches in the U.K., according to the research, which is sponsored by Symantec and PGP Corporation. Thirty-six per cent of data breaches resulted from lost and stolen laptops or other mobile devices.
Paper records follow not far behind at 24%. Data lost by outsourcers or third parties accounted for 12%, while technical attacks, such as hacking activity and malicious code, only accounted for 9% of breaches.
The survey found that where data was compromised by third parties, the cost per record was £59, considerably more than the £47 average.
Lost business accounted for more than a third of the costs incurred by businesses following a significant data breach. Almost a third of the costs were spent on detection and escalation. The cost of notifying customers that their data was lost was negligible in comparison.
The IT security department was the group most frequently involved in the response to a data breach (for 62% of respondents), with compliance and business units sharing responsibility 55% and 43% of the time, respectively. But "IT organisations shared responsibility only 35% of the time, indicating that UK businesses treat a breach event as a failure of policy and not a technical IT operation," said the report.
Organizations suffering a breach were also found to have experienced an "abnormal" customer churn rate, 2.5% higher than average immediately following an incident.
Breaches included in the benchmarking exercise ranged from 2,500 to more than 125,000 records from 21 U.K. businesses spanning eight different industry sectors. The most serious incident is estimated to have cost the firm involved almost £3.8 million.
Most respondents that suffered data breaches indicated they were investing in encryption and data loss prevention products to defend against further incidents.
"Businesses and government in the UK are just now coming to realize the impact a data breach can have on an organization and its customers, similar to developments in the U.S. five years ago when data breaches became headline news," said Larry Ponemon, chairman and founder of the Ponemon Institute.
PGP Corporation, Symantec and Ponemon also called for the U.K. to introduce breach notification laws similar to those in more than 35 US states, to lower the frequency of such incidents.
Last year, HM Revenue and Customs lost discs containing 25 million child benefit records in the worst data breach in the U.K.