Data breaches cost more in the U.S.

The U.S. has the toughest data-breach notification laws, which incur higher costs compared to Australia, France, Germany, and the U.K.

The average cost to an organization of a data breach in the United States is higher than in four other countries where data-breach costs were compared, specifically Australia, France, Germany, and the United Kingdom, according to a Ponemon Institute report published Wednesday.

The average cost of a data breach in the United States in 2009 was $204 per compromised customer record, in comparison with $177 in Germany, $119 in France, $114 in Australia and $98 in the United Kingdom. According to Mike Spinney, senior privacy analyst at research firm Ponemon, the United States is highest among the five countries because it has the toughest data-breach notification laws, which incur higher legal and other costs.

Australia, France and the United Kingdom do not have the type of data-breach notification requirements enshrined in law in the way you see in the United States, though Germany recently did adopt notification laws, Spinney says.

Outside the United States, organizations are often required to inform their governments about data breaches, but this information does not usually become public in the way you see it in the United States, Spinney points out.

The Ponemon report, sponsored by PGP, was done by gaining input from 133 organizations in 18 industry sectors known to have suffered a data breach in 2009 that were willing to discuss it confidentially.

With organizations in non-U.S. countries, Ponemon did not receive the same level of detailed breakout of data-breach costs as it does with U.S.-associated data breaches, but did receive more of a total cost overview.

According to the report, the total cost of a data breach in the United States averages $6.75 million, as opposed to $3.44 million in Germany, $2.57 million in the United Kingdom, $2.53 million in France and $1.83 million in Australia. About half of the incurred losses appear to be connected to the cost of lost business, with the United States highest in that category at 66 percent.

In seeking to trace data loss to third-party mistakes, the Ponemon study found 35 percent of all cases involved outsourcing to third parties, and 35 percent were traced to malicious or criminal attacks, with French companies appearing to see the highest increase in costs as a result.

Spinney says Ponemon hopes to do more multi-country studies of this kind to get far more information about the impact of a data breach in different nations with different regulatory structures.

This story, "Data breaches cost more in the U.S.," was originally published by Network World.

Copyright © 2010 IDG Communications, Inc.