The cost of a data breach has risen for the third year on the trot, according to a new survey.
A study by Ponemon bankrolled by Symantec found that the average data breach incident cost UK organisations £1.9m or £71 per record, an increase of 13 percent on 2009, and 18 percent on 2008.
The report is based on the data breach experiences of 38 UK companies from 13 different industries, including the financial sector, government and telecommunications.
It also found that the incident size ranged from 6,900 to 72,000 records, with the cost of each breach varying from £36,000 to £6.2m. The most expensive incident increased by £2.3m compared to 2009.
Hostile attacks reign as the most expensive data breach for UK organizations, according to the report. The study said that malicious or criminal attacks accounted for 29 percent of all data breaches, increasing from 22 percent over 2009. It costed an average of £80 per record to fix the problem in 2010, up by £4 on 2009.
The study also revealed that system failure overtook the insider as the most common. A total of 37 percent of all cases involved a system failure in 2010, up 7 percent on 2009, replacing negligence as the biggest threat, which at 34 percent dropped 11 points. Lost and stolen devices and third party mistakes also fell marginally, according to the report.
Perhaps predictably, lost businesses ranked as the biggest contributor to overall data breach costs, with recovering customers, profits and business opportunities pretty tough.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said: "We continue to see an increase in the costs to businesses suffering a data breach. Regulators are cracking down to ensure organisations implement required data security controls or face harsher penalties. Confronted with both malicious and non-malicious threats from inside and outside the organisation, companies must proactively implement policies and technologies to mitigate the risk of costly breaches."
Robert Mol, director of product marketing, Europe, Middle East and Africa, Symantec, said: "At a time when businesses in the UK remain economically cautious, protection of IP to remain competitive and avoidance of potentially large fines are key. With the average cost of a data breach for UK organisations rising to £1.9 million, securing information clearly continues to challenge organisations at all levels, but the vast majority of these breaches are preventable."
Funnily enough the security firm suggested that organisations protect their data and create a culture of security with training, policies and actions in place.