The Cost of a Data Breach
The Ponemon Institute just issued its yearly "Costs of a Data Breach" study that reveals some very interesting U.S. numbers. Granted, we view the losses involved with a breach to be more than monetary when you consider damaged reputation, loss of business, etc., but the financial numbers alone are quite interesting:

Because we examine the actual costs incurred by companies as a result of discovering and responding to a data breach, we believe our figures are an accurate measure of the potentially devastating financial impact following a data breach.

As more and more states followed the model of California's landmark notification law, SB 1386, the costs have risen steadily from a 2005 average incident cost of $4.5 million to a 2009 cost of $6.65 million. The report has determined that, on average, a breach in the U.S. costs $204 per record.

When you think about it, these numbers really shouldn't be a surprise. I'm very curious to see how these numbers are affected by 201 CMR 17.00, particularly because the MA law is viewed as the strictest state privacy law, carrying the harshest penalties.