A third of IT managers report data breaches


In a recent survey of 83 corporate IT managers, 28 acknowledged having had to cope with a data breach, and half of those respondents reported significant related costs.

In its report entitled “Calculating the cost of a security breach,” research firm Forrester said half of those polled cited changes to security and auditing processes as a major cost category.

In addition, 43 per cent said the costs of customer notification and loss of business could be counted in the fallout from a data breach, though only 25 per cent feared lawsuits and civil penalties.

In its report, Forrester concluded that the cost of a data breach varies widely, from about US$90 to $305 per customer record, depending whether the breach is “low-profile” or “high-profile” and the company in a non-regulated or highly regulated area, such as banking.

The Forrester report notes this is higher than findings made by the Ponemon Institute and others industry experts that typically cite costs associated with a data breach to be in the $50 range per customer record to cover legal fees, notification costs, increased call centre costs, marketing and public relations expenses.

In counting up costs to cope with a security breach involving sensitive data, Forrester reckons it costs $50 just for the discovery, notification and response that brings in unexpected expenses associated with legal counsel, call centres and mail notification.

Lost employee productivity would range from $20 per customer record to $30, while the “opportunity costs” in lost customers and difficulty in getting new ones would range from $20 for a “low-profile breach” in a non-regulated industry to $100 for a “high-profile breach” in a regulated one.

Regulatory fines could also be incurred in regulated industries to the tune of $25 to $60 per customer record. Credit card replacement costs or civil penalties cost easily add up to $25, Forrester reckons.

Though it may seem hard to estimate a dollar value associated with a data breach, “focus on cost per record versus overall costs,” the Forrester report advises. The IT division should use the estimates simply as a starting point in interacting with the business side in estimating costs.

Quicklink 071076


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now