Million-dollar mistakes: 2010 data breaches cost US companies an average of $7.2M

Symantec and research group Ponemon Institute released a report today detailing the cost of data breaches in 2010. The study, titled 2010 Annual Study: US Cost of a Data Breach, accounted for last year’s cybersecurity failures and found that the cost of these malicious, often criminal, intrusions has increased 43 percent since 2009.

2010 became synonymous with terms like DDoS, Stuxnet, and of course Anonymous. Unfortunately for the victims in these situations, attacks are becoming increasingly sophisticated and costing considerably more money. According to the report, businesses subjected to a data breach paid an average of $7.2 million last year. Even worse – companies that responded quickly to a break-in were actually hurt more than those that opted for a wait-and-see approach. The fast actors paid 54 percent more.

“We continue to see an increase in the costs to businesses suffering a data breach,” says Dr. Larry Ponemon, chairman and founder of the institute. “Regulators are cracking down to ensure organizations implement required data security controls or face harsher penalties. Confronted with both malicious and non-malicious threats from inside and outside the organization, companies must proactively implement policies and technologies to mitigate the risk of costly breaches.”

The study noted that the largest contributor to compromised internal data was negligence. Symantec senior VP Francis deSouza notes that “securing information continues to challenge organizations at all levels, but the vast majority of these breaches are preventable.” Of course, it should also be acknowledged that Symantec sells system security technology. That said, the study did analyze the data breach experiences of 51 companies spanning 15 different industries in the US. And of course, there have been a number of highly public and concerning hacks this year.

Most recently, the Nasdaq experienced a significant security threat. While its internal network wasn’t infiltrated, other companies haven’t been so lucky. HBGary was notoriously a victim of the hacktivist group Anonymous, which outed the security firm for its plans to run a smear campaign against WikiLeaks. The company also lost partnerships, investors, a wealth of confidential data, and of course its reputation. And the cyberattacks don’t end there: US fuel companies have been warned to watch their backs as well.

Even cynics who believe Symantec and Ponemon are simply trying to make a buck off nail-biting execs have to see we’re increasingly living in a hacker’s world. It seems like companies have two choices: Pay up front for a security firm’s services, or empty your wallet after your network is compromised.