Companies have also found that most customers do not utilize the credit monitoring services organizations frequently offer in the wake of a breach to help people monitor their records for potential fraud, the expert maintains. By scaling back those offers and spending more money on image control, organizations have been able to cut some costs, he said.
As a result, the average cost of notifying customers of a data breach dropped significantly, by roughly 40 percent, falling from $25 per lost record one year ago to $15 in 2007, according to the report, which was co-sponsored by security vendors PGP and Vontu.
Another emerging area of focus for companies dealing with data breaches has been to force their business partners to do a better job of protecting their customer data.
Some 40 percent of the organizations interviewed attributed the cause of their incidents to third parties, such as contractors and consultants, representing a nearly 30 percent increase over 2006.
Those breaches were also more costly than other episodes, averaging an overall expense of $231 per record, compared to $171 per record in incidents where third parties were not involved.
In terms of vertical bias, Ponemon said that financial services companies are feeling the biggest pinch from their breaches, based largely on customer perceptions that such organizations should do a better job of protecting their data than other types of businesses, including retailers.
Financial services companies are particularly concerned with the issue of having customers abandon their online applications in favor of more traditional brick-and-mortar services, thereby driving up their overhead expenses.
Although the cost of responding to a data breach has risen consistently over the three years that Ponemon has studied the phenomenon, the expert believes that the price of losing customer data will eventually fall.
The researcher said that the sheer volume of incidents will drive customers to become desensitized to the events, resulting in lowered remediation costs and business churn.
"People are already finding that it is hard to trace an incident of ID theft to a specific breach, and with the growing number of notifications they receive, they won't care as much about the problem," Ponemon said. "There seems to be a herd mentality emerging among customers that applies to the law of large numbers; if people feel they are in a pool of millions of others who have had their records stolen or lost, their thinking is that the probability of being victimized isn't as strong."