CIO.com have published an article by Dr. Larry Ponemon of the Ponemon Institute. It continues the relentless reports of how data loss incidents are on the rise and the associated costs. The article discusses the results of the recent annual data breach study which concludes that the average cost of a data breach in 2008 was $6.65 million.
 | "Violate a consumer's trust and they are more likely to walk, and that likelihood increases when the breach involves an organization in which the consumer has placed a great deal of trust." Dr. Larry Ponemon, chairman and founder The Ponemon Institute. |
The summary of this study leads Dr Ponemon to state "the financial impact for a company that experiences a data breach is significant and rising." The institute use the data from their studies to, "analyze the methods and strategies used by companies when responding to a breach, and the outcome of the response, to create best practices so other organizations don't have to learn from their own experience."
One aspect of the report I found interesting is the effect on certain industries when it comes to rates of customer loss. Dr Ponemon describes;
"This year, lost business costs rose to a level 38 percent higher than in 2005. What's more, healthcare and financial services organizations experienced much higher abnormal customer loss—6.5 percent and 5.5 percent respectively—when compared with retail and consumer products organizations, whose churn rates were found to be 1.5 percent and 3.6 percent respectively. The significant difference in these rates of customer loss can be explained in one word: trust. Violate a consumer's trust and they are more likely to walk, and that likelihood increases when the breach involves an organization in which the consumer has placed a great deal of trust.
What do I mean? When a consumer chooses to do business with a financial services or healthcare organization, they tend to conduct more due diligence than when they walk through the doors of a department store to buy a shirt or a pair of shoes. A retail purchase is a simple transaction, but banking and healthcare requires entrusting an individual or organization with a great deal of highly sensitive information. Violate that trust and the customer may be more inclined to look for a new relationship. This is especially evident when the consumer receives multiple breach notifications from such an organization."
Companies right now need to do everything possible to retain existing customers and attract new business. As Larry highlights, people are very diligent when they make decisions about whom to place their finances with and with whom they entrust their healthcare so these organisations are more at risk than most.
Yet it isn't all doom and gloom. It is possible to turn this risk into a competitive advantage. Budgeting for the deployment of an IRM technology to protect customer information can both reduce financial risks of data loss but can also be used to differentiate your organisation from the competition by being seen to be using advanced technologies to protect their confidential information. This can drive new business which is crucial right now. Businesses who are freezing budgets, hoping to cut costs are potentially exposing themselves to further financial demise. Instead it is wise spending in the right areas to both maximise revenue and minimise risk that will prove the survival of the fittest.
