Businesses reduce financial impact of data breaches
Corporate IT security managers rarely get good news when they read headlines about their efforts - most people stop to think about hacking only when they've become victims. However, a recent survey showed that the cost of data security breaches actually fell in 2011.
The average cost of data breaches decreased in 2011 for the first time in seven years, PC World reported. Data protection researchers collected breach information from 49 American companies spanning 14 industry sectors to compile the statistics.
By studying a series of breaches, researchers at the Ponemon Institute found that the typical cost of a stolen data incident in 2011 was $5.5 million, a drop of 24 percent from 2010 figures. The impact also fell when measured by the cost per compromised record, dropping 10 percent to $194, the study said.
Data breaches also affect consumer confidence, wreaking even more damage on company profits when frightened customers defect to competitors. To prevent these reverberations, smart organizations try to ensure data protection by erecting careful defenses such as an anti-spam solution, encrypted email practices and enterprise email security.
In a sign that these efforts seem to be inspiring increased confidence for many users, the study also found that fewer customers are abandoning companies after data breaches.
Lost customers are expensive, as businesses must spend heavily to replace them and then launch campaigns to repair their damaged reputation in the marketplace. The costs that fall into this category have decreased by 34 percent compared to 2010, researchers found.
"Maybe people are numb to data breaches," Institute founder Larry Ponemon told InformationWeek. "There are still many people who care deeply about it, but maybe there are more people worried about the economy, their job security, or the state of gas prices."
Despite the lessening impact of data breaches on corporate bottom lines, the latest research shows the increased importance of top-shelf security software to protect against attacks that originate both inside and outside of company walls.
The figures also show that the share of breaches caused by malicious attacks rose from 31 percent in 2010 to 37 percent in 2011. Other causes included negligent insiders (39 percent) and system glitches (24 percent).
Highlighting the need for software protection, the malicious attacks ranged from malware (50 percent) to malicious insiders (33 percent), device theft (28 percent), SQL injection (28 percent) and phishing attacks (22 percent).
"We think about the evil hacker, which is pretty serious stuff, but in our study, we find that it's really the malicious insider - someone who's nefarious or angry at the organization - that presents the real danger to the company," said Ponemon.
Despite the frequency of attacks, smart corporations have been able to reduce the financial impact of each breach by following some basic rules. Many businesses have controlled costs by hiring a chief information security officer (CISO) to enforce privacy protection and regulatory compliance, while acting as the sole leader of data protection efforts.