The results of a study show that the average cost of a data breach (based on 2009 data) is $204USD per exposed record. I often find it hard to value the data I’m protecting so this is really a good starting point to measure against.
Excellent writeup: http://www.scmagazineus.com/data-breaches-cost-organizations-204-per-record-in-2009/article/162259/
- Number of data breaches that were caused by malicious attacks and botnets doubled from 12 percent in 2008 to 24 percent in 2009.
- Data breaches caused by malicious attacks cost organizations 30 to 40 percent more on average than those caused by human negligence or by IT system glitches.
- 42 percent of all data breaches last year resulted from third-party mistakes.
- 36 percent of breaches involved lost or stolen laptops or other mobile devices.
- Lost business makes up the largest portion of breach costs, totaling $135 per record lost on average, a slight decrease from $139 in 2008.
- Ex-post response activities, which include providing credit monitoring services and other assistance to breach victims, cost $46 per record last year, up from $39 in 2008.
- Most expensive data breach included in this year’s study cost one organization nearly $31 million to resolve, and the least expensive breach cost $750,000.
- Activities that enable organizations to detect the breach, which totalled $8 per record on average last year, and costs to notify breach victims, which totaled $15 per record.
- Those who notified breach victims within one month paid $219 per record exposed, on average, versus $196 paid by those who waited longer.
- Having a CISO, or equivalent position, could decrease data breach costs by 50 percent.
- Companies with a CISO paid $157 per compromised record, on average, compared to those which did not have a CISO ($236 per compromised record).