Forrester Research released a report (not free) on Security Breach costs on April 10 of this year. According to Network World, Forrester surveyed 28 companies that experienced a data breach and determined the total average security breach cost as between $90 and $305 per lost record. Of note, the discovery, response and notification costs per lost record were determined to be approximately $50. Earlier, we discussed the results of a Ponemeon Institute security breach study that reported the average total recovery cost as $140 per lost record.
As the varying reports demonstrate, the actual cost of a security breach is difficult to fully and accurately assess. This is at least partially due to the variety of factors to consider. For example, beyond losing sales and spending money to beef up the company’s security infrastructure, there is lost employee productivity to consider as well as the possibility of a regulatory fine. And the customer notification costs can be noteworthy, particularly if they include public relations expenses and/or some sort of restitution effort (product/service discounts, complimentary ID theft protection, etc.). Follow our story re TJX for a real life security breach claim example.