A third of IT managers report data breaches: survey

A third of IT managers report data breaches: survey
A third of IT managers report data breaches: survey 

By Ellen Messmer
Network World

In a recent survey of 83 corporate IT managers, 28 acknowledged having 
had to cope with a data breach, and half of those respondents reported 
significant related costs.

In its report entitled Calculating the cost of a security breach, 
research firm Forrester said half of those polled cited changes to 
security and auditing processes as a major cost category.

In addition, 43% said the costs of customer notification and loss of 
business could be counted in the fall-out from a data breach, though 
only 25% feared lawsuits and civil penalties.

In its report, Forrester concluded that the costs of a data breach vary 
widely, from about $90 to $305 per customer record, depending whether 
the breach is low-profile or high-profile and the company in a 
non-regulated or highly regulated area, such as banking.

The Forrester report notes this is higher than findings made by the 
Ponemon Institute and others industry experts that typically cite costs 
associated with a data breach to be in the $50 range per customer record 
to cover legal fees, notification costs, increased call center costs, 
marketing and public relations expenses.

In counting up costs to cope with a security breach involving sensitive 
data, Forrester reckons it costs $50 just for the discovery, 
notification and response that brings in unexpected expenses associated 
legal counsel, call centers and mail notification.

Lost employee productivity would range from $20 per customer record to 
$30, while the opportunity costs in lost customers and difficulty in 
getting new ones would range from $20 for a low-profile breach in a 
non-regulated industry to $100 for a high-profile breach in a regulated 

Regulatory fines could also incur in regulated industries to the tune of 
$25 to $60 per customer record. Credit-card replacement costs or civil 
penalties cost easily add up to $25, Forrester reckons.

Though it may seem hard to estimate a dollar value associated with a 
data breach, focus on cost per record vs. overall costs, the Forrester 
report advises. The IT division should use the estimates simply as a 
starting point in interacting with the business side in estimating 

(c) Copyright 2007 Network World Inc.

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods