Data breaches cost $6.6 million on average, survey finds

Organizations experiencing a data breach can pay $6 million for lost business and cleanup, according to Ponemon/PGP.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Feb. 1, 2009 9:01 p.m. PT

It costs $6.6 million on average when an organization suffers a data breach, and more than $200 per compromised record, according to a survey conducted by the Ponemon Institute that's due to be released on Monday.

The report, sponsored by PGP Corp., examined the costs incurred by 43 organizations that experienced a data breach. Breaches ranged as high as 113,000 records and the average total cost per company ranged from more than $613,000 per breach to nearly $32 million.

Most of the cost is due to lost business, which averaged nearly $4.6 million, the report found.

Forty-four percent of the organizations surveyed reported a breach by a third party, such as a contractor or outsourcer, and more than 88 percent of all cases this year involved incidents resulting from insider negligence, according to the study.

Last week McAfee estimated that cybercrime costs corporations $1 trillion globally each year.