The Real Cost of Data Breaches

Security and data breaches have increased over the past few years, and it’s no surprise a number of experts have tried to quantify the costs associated with them. But according to one expert, those estimates don’t seem to agree.

In a new article on the SearchSecurity.com website, security expert Khalid Kark says the various estimates “have churned out vastly different figures, further adding to the confusion. For example, a US Department of Justice study, published in August 2006, determined that the average loss per incident was $1.5 million. These calculations conflicted with a 2005 CSI/FBI survey that estimated the cost to be $167,000. Meanwhile, a 2006 Ponemon Institute survey figured expenses at $4.8 million per breach, while some CISOs put the cost to recover from a security incident at $1,000 per hour.”

Throughout the article, Kark attempts to explain the costs of a data breach to help companies figure out how much it would cost them. He looks at tangible costs, regulations and lost employee productivity, stock price, opportunity costs and regulatory requirements and fines to help companies come up with that number. For example, he says tangible costs, including legal fees, mail notification letters, calls, etc., typically cost about $50 per record.

“All things considered, a security breach can cost you anywhere between $50 to $250 per record,” Kark concludes. “Depending on how many records are at stake, individual breach costs may run into millions or even billions of dollars – and organizations still aren’t prepared to protect their environments. Although studies may not be able to determine the exact cost of a security breach in your organization, the loss of sensitive data can have a crippling impact on an organization's bottom line, especially if it is ill-equipped.”