Data Breach Costs Skyrocket, Response Lags

That figure represents the fifth year in a row that the average organization cost of a data breach has increased. It represents a 7 percent increase from 2009, when a data breach cost a company an average of $6.8 million.

The study also found that each compromised record runs a company an average of $214, a 5 percent leap from $204 in 2009. And the cost per record increases as companies work to rapidly respond to data breaches that compromise data. The study found that rapid response to data breaches costs companies 54 percent more per record than companies that moved more slowly. For example, 43 percent of companies told victims within one month of discovering the breach, a 7 point increase from 2009. Last year, quick responders had a per-record cost of $268, which was up 22 percent from the previous year, while companies that took longer to respond paid $174 per record, a figure that was down 11 percent from 2009.

"We continue to see an increase in the costs to businesses suffering a data breach," Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "Regulators are cracking down to ensure organizations implement required data security controls or face harsher penalties."

A recent Solera Networks study revealed that data breach resolution can run $35.3 million on the high end and $780,000 on the low end. The more prolonged the attack, the more it will cost, Solera said.

And the increasing costs to fight and respond to a data breach come as malicious and criminal security attacks become more frequent. Symantec and the Ponemon Institute found that 30 percent of all cases involved a malicious or criminal act, a 7 percent increase from 2009, and an average of $318 per compromised record, a 43 percent increase from the year before.

Malicious and criminal intent, however, isn't the most pressing security threat. The study revealed that negligence is still a major risk, with the number of security breaches cause by negligence increasing to 41 percent and an average of $195 per record, a cost that rose 27 percent since the previous year.

Meanwhile, companies are more proactive at preventing system failures, and therefore security threats created by such failures are decreasing. In 2010, system failure dropped to 27 percent.

The Symantec-Ponemon study coincides with a second Ponemon study that looks at how consumers gauge companies' responses to data breaches and how companies notify customers. That study found that 63 percent of consumers were not satisfied with data breach notification and response methods, saying that the notification letters they received offered no direction on steps to take to protect their information. Because of that, 31 percent said they terminated their relationship with that organization. Twenty-six percent said they took no action after being notified, while 57 percent said they lost trust and confidence in the organization that suffered the security breach.