An interesting piece in E-Commerce News about a new report from PGP and Poneman about the cost of data/privacy/security breaches and the reasons for them. Some excerpts:

Data breach incidents cost U.S. companies US$202 per compromised customer record last year compared with $197 in 2007 according to the study. The average total per-incident cost rose to $6.65 million in 2008 up 5.3 percent from $6.3 million in 2007.

Healthcare and financial services companies experienced the highest customer churn rates — 6.5 percent and 5.5 percent respectively.

Third-party organizations accounted for more than 44 percent of all data breaches in 2008 and the resulting investigation and consulting fees made these the most costly form of data breaches.

Nearly 90 percent of all cases in the 2008 study involved insider negligence.

…

Many of the security problems companies face are preventable — but most organizations don t have the right software tools and security policies in place to deal with data breaches he observed.

“It s a combination of software and risk management ” explained Ponemon. “Good technology like encryption data-loss prevention tools and data-access tools can help — but they re not the complete answer because so many of these incidents are due to negligence and carelessness.”

Of course, there is a bit of of a conflict here given that the sponsors of the study also happen to offer security solutions. Nonetheless, the figures are important to keep in mind to drive home the point that the direct costs (not to mention the reputational costs) of a privacy or data breach are very real. And very substantial. Hopefully, some figures like this will prompt companies to invest more in proactive measures to reduce the risk (and costs) of privacy breaches.

If you’re beyond that stage, then you might want to read this: Practical Tips for Responding to Privacy Breaches (full disclosure: I work for the firm that published this article).