The results of a study show that the average cost of a data breach (based on 2009 data) is $204 USD per exposed record. I often find it hard to value the data I’m protecting, so this is really a good starting point to measure against.
Report: http://www.encryptionreports.com/2009cdb.html
Excellent writeup: http://www.scmagazineus.com/data-breaches-cost-organizations-204-per-record-in-2009/article/162259/
Highlights:
- Number of data breaches that were caused by malicious attacks and botnets doubled from 12 percent in 2008 to 24 percent in 2009.
- Data breaches caused by malicious attacks cost organizations 30 to 40 percent more on average than those caused by human negligence or by IT system glitches.
- 42 percent of all data breaches last year resulted from third-party mistakes.
- 36 percent of breaches involved lost or stolen laptops or other mobile devices.
- Lost business makes up the largest portion of breach costs, totaling $135 per record lost on average, a slight decrease from $139 in 2008.
- Ex-post response activities, which include providing credit monitoring services and other assistance to breach victims, cost $46 per record last year, up from $39 in 2008.
- The most expensive data breach included in this year’s study cost one organization nearly $31 million to resolve, and the least expensive breach cost $750,000.
- Activities that enable organizations to detect the breach totaled $8 per record on average last year, and the costs of notifying breach victims totaled $15 per record.
- Those who notified breach victims within one month paid $219 per record exposed, on average, versus $196 paid by those who waited longer.
- Having a CISO, or equivalent position, could decrease data breach costs by 50 percent.
- Companies with a CISO paid $157 per compromised record, on average, compared to those which did not have a CISO ($236 per compromised record).