BankInfoSecurity has a good summary of findings from the Ponemon Institute’s fifth-annual study on the cost of a data breach.

The Ponemon Institute study, which is sponsored by PGP, is an interesting companion to my company’s own annual study on data loss prevention issues. Among the top findings from this year’s study by Ponemon, which is based on a survey of 45 US enterprises that experienced data breaches during 2009:

  • The average organizational cost of a data breach increased by about 2%, from $6.65 million (2008) to $6.75 million (2009). On a per-record basis, the average cost rose from $202 to $204 per compromised record. Ponemon says that the most expensive data breach event included in their latest study cost the organization almost $31 million to resolve.
  • More US companies are using technology to prevent and remediate data breaches. Among the related findings: 58% of surveyed organizations expanded their use of encryption technology, and 42% increased their use of data loss prevention solutions.
  • Data breaches caused by malicious attacks and botnets doubled from 2008 to 2009, and those breaches were 40% more costly than breaches involving negligent insiders or system glitches.

There’s a lot of other interesting data in the Ponemon report, the full version of which can be downloaded from (note that neither I nor my company is affiliated with that site or the Ponemon Institute).