Customers punish firms for data breaches
By John Lister
Companies suffering a data loss are paying a higher cost than ever: an average of $6.6 million. The rising costs are fueled by growing customer willingness to take their business elsewhere after a breach.
A fourth annual study from encryption firm PGP Corporation looked at 43 breaches across 17 different industries in such diverse fields as finance, defense and pharmaceuticals. As well as looking at direct financial costs such as replacing and repairing data and contacting customers to report breaches, it took account of opportunity costs such as losing future business from disgruntled customers.
This year’s figure was slightly higher than last year’s $6.3 million, itself a large rise from the 2006 average loss of $4.7 million. The most significant change over the past few years is that customers are much quicker to change provider after a high-profile data loss.
On average, a firm experiencing a data loss now sees 3.6 percent of its customers jump ship. The highest industry figures are 6.5 and 5.5 percent for healthcare and finance respectively, likely because customers place more importance on the confidentiality of data held in those industries.
It appears customers aren’t just punishing one-off mistakes. More than 80 percent of the surveyed firms that suffered a data loss during 2008 experienced more than one such incident during the year.
If anything, the PGP figures underestimate the cost of data breaches. They don’t include the damage to the value of any confidential intellectual property that is exposed in a breach. And they don’t include the effects that negative publicity about a data loss can have on a company’s stock price.
As the Washington Post points out, the revelation that credit card processing firm Heartland Payment Systems had discovered spyware on its servers saw its stock price almost halve within a day.
