Data breaches in U.S. cost more

Data breaches in the U.S. cost more than in Australia, France, Germany and the United Kingdom, Ponemon study says

By Ellen Messmer, Network World
April 28, 2010 12:04 AM ET

The average cost to an organization of a data breach in the United States is higher than in four other countries where data-breach costs were compared, specifically Australia, France, Germany and the United Kingdom, according to a Ponemon Institute report published Wednesday.

The average cost of a data breach in the United States in 2009 was $204 per compromised customer record, in comparison with $177 in Germany, $119 in France, $114 in Australia and $98 in the United Kingdom. According to Mike Spinney, senior privacy analyst at research firm Ponemon, the United States is highest among the five countries because it has the toughest data-breach notification laws, which incur higher legal and other costs.

"Lawyers cost money," Spinney says, pointing to the findings in the "2009 Annual Study: Global Cost of a Data Breach" report. "The costs are higher because the U.S. has disclosure requirements."

Australia, France and the United Kingdom do not have the type of data-breach notification requirements enshrined in law in the way you see in the United States, though Germany recently did adopt notification laws, Spinney says.

Outside the United States, organizations are often required to inform their governments about data breaches, but this information does not usually become public in the way you see it in the United States, Spinney points out.

The Ponemon report, sponsored by PGP, was done by gaining input from 133 organizations in 18 industry sectors known to have suffered a data breach in 2009 that were willing to discuss it confidentially.

With organizations in non-U.S. countries, Ponemon did not receive the same level of detailed breakout of data-breach costs as it does with U.S.-associated data breaches, but did receive more of a total cost overview.

According to the report, the total cost of a data breach in the United States averages $6.75 million, as opposed to $3.44 million in Germany, $2.57 million in the United Kingdom, $2.53 million in France and $1.83 million in Australia. About half of the incurred losses appear to be connected to the cost of lost business, with the United States highest in that category at 66%.

In seeking to trace data loss to third-party mistakes, the Ponemon study found 35% of all cases involved outsourcing to third parties, and 35% were traced to malicious or criminal attacks, with French companies appearing to see the highest increase in costs because of it.

Spinney says Ponemon hopes to do more multi-country studies of this kind to get far more information about the impact of a data breach in different nations with different regulatory structures.
