SDA India is an online resource for Software, Development,IT, Architecture, Open Source, Mobile, Security, Databases, Delphi, C, OS, Asp, .Net, Php, Xml, Java

Responding to a data breach is much more expensive today than it was a couple years ago, according to the latest survey conducted by Ponemon Institute.

In its third annual study into the financial impact of data breaches, Ponemon Institute reports the episodes are costing an average of USD 197 per lost or stolen customer record during 2007, a slight bump from the figure of USD 182 per exposed record that it tracked one year ago, and a significant gain over the estimate of USD 128 per record that the research firm published in its initial 2005 survey.

The study surveyed the experiences of 35 organizations across an array of 15 industries, each of which has suffered data breaches over the past year that involved from fewer than 4,000 records to more than 125,000 records.

Other findings indicate that the cost of lost business continued to increase at more than 30 percent, averaging USD 4.1 million or USD 128 per compromised record. Lost business now accounts for 65 percent of data breach costs compared to 54 percent in the 2006 study.

One of the issues driving the continued escalation of data breach remediation expenses, according to the research, is the estimated cost of lost business and so-called customer churn that results from notification of the episodes.

Among the other expenses facing organizations that suffer data incidents are monies spent to provide customer support and credit monitoring services to affected individuals, along with budgets allocated for advertising and marketing efforts aimed at repairing companies' public images.

Companies have also found that most customers do not utilize the credit monitoring services organizations frequently offer in the wake of a breach to help people monitor their records for potential fraud, the expert maintains. By scaling back those offers and spending more money on image control, organizations have been able to cut some costs, he said.

As a result, the average cost of notifying customers of a data breach actually dropped significantly or roughly 40 percent, falling from USD 25 per lost record one year ago to USD 15 in 2007, according to the report.

The study also found that breaches by third-party organizations such as outsourcers, contractors, consultants, and business partners were reported by 40 percent of respondents, up from 29 percent in 2006 and 21 percent in 2005. Breaches by third parties were also more costly than breaches by the enterprise itself, averaging USD 231 compared to USD 171 per record.

One thing is certain, Ponemon said. Data breach costs will continue to skyrocket unless companies do more to prevent them in the first place. He noted how, according to the latest tally from the Privacy Rights Clearinghouse, more than 216 million records have been compromised since early 2005.

"Companies continue to pretend data breaches won't happen to them. Crossing your fingers is not an acceptable security measure, yet that seems to be the prevailing attitude," said Ponemon.

Email and data encryption vendor PGP CORP. and data loss prevention vendor Vontu, Inc sponsored the study.