Wednesday, October 25, 2006

Ponemon Institute Study Highlights Impact of Data Breaches on Customer Value

The Ponemon Institute ( earlier this week released its second annual study on the cost to companies of data breachers. The study, “2006 Annual Study: Cost of a Data Breach”, was sponsored by PGP Corporation ( and Vontu, Inc. (, which both sell data protection technologies. It is available here on the PGP Web site.

The study found that just over half the total cost of a breach was due to customer opportunity costs, as measured by increased turnover among existing customers and greater difficulty in acquiring new customers. Actual figures were $98 in customer opportunity costs of a total $182 cost per lost customer record. Other cost components were $54 per record for out of pocket expenses such as customer notifications and $30 per record for employee and contractor time.

From the perspective of the Ponemon Institute, what’s important about this is the total magnitude of the problem: annual cost is “in the billions” when applied to the tens of millions of records breached each year. (The Ponemon study includes its own extrapolation of 23 million notifications in 2005 and mentions a 93 million figure from the Privacy Rights Clearinghouse.) From the perspective of the study’s sponsors, what’s important is that the cost of a breach (average $4.8 million, ranging from $226,000 to $22 million) is much less than what they charge for the technologies to prevent it.

From the perspective of Customer Experience Management, what’s important is (a) that Ponemon Institute thought to include the customer impact in their measurements and (b) found customer impact to be a very significant part of the total cost. The first illustrates the growing awareness of customer value measures and the second illustrates why it’s so important to include them when making business decisions.

No comments: