The cost of data breaches has steadily fallen due to improved incident response plans and other steps organizations have taken to lessen their impact, according to an annual study.
The global “2013 Cost of a Data Breach Study,” conducted by the Ponemon Institute and sponsored by Symantec, found that the cost per compromised record in the United States dropped from $194 in 2011 to $188 per record last year.
Although the country still experiences the most costly data breaches in comparison to other nations surveyed in the report, (the U.S. came in second only to Germany, where the cost per compromised record was $199 last year), this marks the second year in a row that breach costs have trended down in the nation.
To calculate the cost of breaches, the study weighed a range of factors, from funds used to detect an incident to notification and response costs, such as credit report monitoring for victims. In addition, long-term expenses, like customer attrition, also were considered.
Last year's study showed that the cost per compromised record fell from $214 in 2010 to $194 in 2011 – marking the first time the cost of breaches dropped in the study's seven-year history, despite no slowdown in the number of incidents.
In the United States alone, the study was based on the responses of 450 individuals at 54 companies in 14 different industries that sustained data loss incidents.
The survey additionally tabulated the responses of individuals working at 200 other breached organizations spanning eight countries: Australia, Brazil, France, Germany, India, Italy, Japan, the U.K.
Organizations in America saw the reduction in data breach costs due to strengthening their overall security posture through several steps, including determining the root cause of major incidents, limiting access to sensitive information, and conducting independent audits of their system. In addition, implementing an incident response plan and appointing a CISO also lowered breach expenditures, the study found.
Larry Ponemon, chairman and founder of the Ponemon Institute, told SCMagazine.com last week that the decrease in breach costs haven't become “significant” here yet, given their inflated levels, but that they are on a downward trajectory.
More organizations are aware of the need to rein in costs now that most states require personal information compromises be reported to victims.
“A lot of the privacy and breach laws have encouraged organizations to acknowledge [breaches],” Ponemon said. “The longer trend is to see the cost of the data breach fall and it's definitely moving in the right direction.”