Data breaches cost more in the US
Companies, beware! Data breaches do cost a lot if you’re operating in the US. A recent study conducted by the Ponemon Institute shows that a data breach occurring in the US could cost twice as much as a similar incident in a different country with less stringent disclosure and notification laws. Yet the US is not alone in this: in every country that has strict rules on data security and on what should be done in case of a breach, the total cost goes up.
After comparing data breach costs in five countries (the United States, the United Kingdom, Germany, France, and Australia), the study concluded that in the U.S., because 46 states have introduced laws that require organizations to publicly disclose the details of breach incidents, the cost per lost record was 43% higher than the global average. The second most expensive country is Germany, with a cost per lost record 25% higher than the worldwide average. Australia, France, and the U.K. have no data breach notification laws, and their costs were all below the average.
“A big reason for [the high cost of churn in the U.S.] is that U.S. companies are required to notify customers of their breaches, even if they only suspect that the customers’ records might be affected,” Ponemon says. “That sort of notification doesn’t happen anywhere else in the world.” Notification accounts for $500,000 of the $6.75 million that the average U.S. company spends on a breach, according to the study; the average French company spends only $120,000 on notification.
The Ponemon study breaks breach costs into five components: detection, escalation, notification, post-breach response, and customer churn (losing customers after the breach and replacing them with new ones). Of the five components, customer churn is the highest cost, accounting for 44% of breach costs worldwide.

