2009 Annual Study: Cost of a Data Breach Around $204 USD per Exposed Record

The results of a study show that the average cost of a data breach (based on 2009 data) is $204 USD per exposed record. I often find it hard to value the data I’m protecting, so this is really a good starting point to measure against.

Report: http://www.encryptionreports.com/2009cdb.html

Excellent writeup: http://www.scmagazineus.com/data-breaches-cost-organizations-204-per-record-in-2009/article/162259/


  • The number of data breaches caused by malicious attacks and botnets doubled from 12 percent in 2008 to 24 percent in 2009.
  • Data breaches caused by malicious attacks cost organizations 30 to 40 percent more on average than those caused by human negligence or by IT system glitches.
  • 42 percent of all data breaches last year resulted from third-party mistakes.
  • 36 percent of breaches involved lost or stolen laptops or other mobile devices.
  • Lost business makes up the largest portion of breach costs, totaling $135 per record lost on average, a slight decrease from $139 in 2008.
  • Ex-post response activities, which include providing credit monitoring services and other assistance to breach victims, cost $46 per record last year, up from $39 in 2008.
  • The most expensive data breach included in this year’s study cost one organization nearly $31 million to resolve, and the least expensive breach cost $750,000.
  • Activities that enable organizations to detect the breach totaled $8 per record on average last year, and costs to notify breach victims totaled $15 per record.
  • Those who notified breach victims within one month paid $219 per record exposed, on average, versus $196 paid by those who waited longer.
  • Having a CISO, or equivalent position, could decrease data breach costs by 50 percent.
  • Companies with a CISO paid $157 per compromised record, on average, compared to those which did not have a CISO ($236 per compromised record).