November 29, 2007, WSJ
By Ben Worthen
Two new studies on data breaches and identity theft send a clear message: The number of these incidents is rising, and so are the costs – both to the victims and the companies who suffer the breach.
The Federal Trade Commission, the government agency that’s nominally in charge of identity-theft issues, found that 8.3 million American adults – about 3.7% of the adult population – were victims of identity theft in 2005. (The findings are based on a survey of close to 5,000 adults taken between March and June 2006. We have no idea why the results weren’t released until now.) The most common incidents involved fraudulent use of a credit or debit card. Most of these incidents were detected quickly and resolved with little cost to the victim. However, 17% of identity-theft victims said that thieves opened new accounts with their information, and that these incidents were harder to resolve. More than 75% of these victims had trouble getting loans, had their utilities cut off, were investigated by law enforcement or suffered similar disruptions.
While the cost in dollars to individual victims may be negligible, the cost of a data breach to companies is rising. The Ponemon Institute, a privacy think tank, studied the costs incurred by 35 organizations that experienced data breaches in 2007 and found that on average, the companies spent $197 per record lost, up from $182 last year and $138 in 2005. (Registration required to read the report.) That brought the average cost per breach to $6.3 million for these companies.
Forty-nine percent of the breaches involved a lost laptop or other device, in 9% of the incidents an outsider broke into the company, and 9% were caused by a malicious insider who willfully stole the data. This partly explains why investigating the cause of the data breaches only made up 6% of the cost incurred. Conversely, 56% of the cost came from a drop in business that could be tied to the breach. The companies studied reported a 2.7% customer churn rate as a result of their breach.
The average cost per record lost was $239 for financial services companies compared to $145 for retailers, suggesting that customers hold companies to whom they entrust their personal information to a higher standard.
By Ben Worthen
Two new studies on data breaches and identity theft send a clear message: The number of these incidents is rising, and so are the costs – both to the victims and the companies who suffer the breach.
The Federal Trade Commission, the government agency that’s nominally in charge of identity-theft issues, found that 8.3 million American adults – about 3.7% of the adult population – were victims of identity theft in 2005. (The findings are based on a survey of close to 5,000 adults taken between March and June 2006. We have no idea why the results weren’t released until now.) The most common incidents involved fraudulent use of a credit or debit card. Most of these incidents were detected quickly and resolved with little cost to the victim. However, 17% of identity-theft victims said that thieves opened new accounts with their information, and that these incidents were harder to resolve. More than 75% of these victims had trouble getting loans, had their utilities cut off, were investigated by law enforcement or suffered similar disruptions.
While the cost in dollars to individual victims may be negligible, the cost of a data breach to companies is rising. The Ponemon Institute, a privacy think tank, studied the costs incurred by 35 organizations that experienced data breaches in 2007 and found that on average, the companies spent $197 per record lost, up from $182 last year and $138 in 2005. (Registration required to read the report.) That brought the average cost per breach to $6.3 million for these companies.
Forty-nine percent of the breaches involved a lost laptop or other device, in 9% of the incidents an outsider broke into the company, and 9% were caused by a malicious insider who willfully stole the data. This partly explains why investigating the cause of the data breaches only made up 6% of the cost incurred. Conversely, 56% of the cost came from a drop in business that could be tied to the breach. The companies studied reported a 2.7% customer churn rate as a result of their breach.
The average cost per record lost was $239 for financial services companies compared to $145 for retailers, suggesting that customers hold companies to whom they entrust their personal information to a higher standard.
No comments:
Post a Comment