Wall Street & Technology: Blog: What is the Actual Cost of a Data Breach for a Financial Firm?

What is the Actual Cost of a Data Breach for a Financial Firm?

As the number of data breaches reported annually continues to surge, costs incurred by companies who report an incident are also increasing, according to a new study by security and privacy research organization, the Ponemon Institute.

In 2007, the average total cost of a breach for a company in any industry was $6.3 million, said the Ponemon Institute, which surveyed 35 companies across all industries who experienced a data breach this year.

Costs ranged from $225,000 per breach to almost $35 million. The average cost of each compromised record was $197.

But for firms in the highly regulated financial sector, the cost of a data breach is even higher -- rising to $239 per compromised record.

"The value of the data a financial firm has is much higher than companies in other sectors. They have personal information such as your account information and your social security number," explains John Dasher of PGP Corporation, which sponsored the survey together with Vontu.

As a result, financial institutions who suffer a data breach tend to offer customers credit protection, and offer to change account numbers --which all add up to the total cost incurred by a company after a breach.

Reputational damage control is particularly high on the agenda for financial firms. Overall, companies in all industries reported a 3% rise this year on public relations and communications expenses following an incident.

"If you're in the financial sector, what's more important than your brand, when you've spent years trying to build trust with your clients?" says Dasher.

Meanwhile, as firms continue to outsource, the Ponemon study revealed that third-party breaches are on the rise.

Breaches by contractors, consultants, outsourcers and business partners, were reported by 40 percent of companies surveyed, up from 29 percent in 2006.

The study also showed that third party breaches are more costly than those incurred by the enterprise itself – averaging $231 per compromised record.

Posted by Melanie Rodier at 01:45 PM

This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.