The study by research group the Ponemon Institute found that this figure was over 30 per cent higher than in 2005. According to the research, entitled "2006 Annual Study: Cost of Data Breach", completed in September, the main reason for data loss in nearly half of the cases was a stolen or lost laptop, PDA or thumb drive.
The report's authors found that data breaches cost companies an average of $182 per compromised record, a 31 percent increase from 2005. The Ponemon Institute analysed 31 different incidents for the study. Total costs for each ranged from less than $1 million to more than $22 million.
Dr. Larry Ponemon, chairman and founder of The Ponemon Institute said that the costs of data breaches were significant and made a strong case for "more strategic investments in preventative measures such as encryption and data loss prevention."
"Tough laws and intense public scrutiny mean the consequences of poor security are steep and growing steeper for companies entrusted with managing stores of consumer data," said Dr. Ponemon.
As reported in ITPro yesterday, the EU is considering introducing tough US-style laws to make companies come clean over data breaches. Jamie Cowper, marketing manager EMEA at PGP Corporation, one of the companies that sponsored the report, said that introducing US-style data breach disclosure laws in Europe would have "tremendous repercussions for local companies."
"Whether it's a hack or a misplaced laptop, companies would not only have to publicly admit that their security policies just weren't up to scratch, but they would also have to individually notify every person who might be affected by the breach, which in the case of exposed customer records could run into the millions," he said. "It goes without saying that this would be both hugely embarrassing and very costly indeed."
The study tracked a wide range of cost factors, including legal, investigative, and administrative expenses, as well as stock performance, customer defections, opportunity loss, reputation management, and costs associated with customer support such as information hotlines and credit monitoring subscriptions.
