The average cost of a data breach to an Australian enterprise increased from A$2.16 million in 2011 to $2.72 million last year, according to the Ponemon Institute’s 2013 Cost of Data Breach Study.
The study, which was sponsored by Symantec, examined the costs incurred by 21 Australian companies who were subjected to data breaches.
According to the report, 43 per cent of Australian organisations indicated that the cause of the breach was a malicious attack. This increased from 36 per cent in 2011.
Thirty-three per cent of breaches involved negligent employees or contractors while 24 per cent indicated that the compromise was due to IT and business process failures.
However, the study also found that fewer Australian customers are abandoning the organisation following the breach. Customer churn rates decreased from 3.4 per cent in 2011 to 2.9 per cent last year.
“Despite declining churn, certain industries, such as financial, service companies and technology are more susceptible to high customer churn, which causes their data breach costs to be higher than other industries,” read the report.
For the fourth year in a row, the cost per lost or stolen record increased. In 2011, the cost in Australia was $138 and increased to $141 in 2012.
Symantec Pacific region vice president and managing director, Brenton Smith, said that with the cost and severity of data breaches increasing year on year, the federal government’s proposed <i>Privacy Amendment (Privacy Alerts) Bill 2013</i> could not be “more timely”.
If passed into law, the Bill will require government agencies and businesses to notify customers of serious data breaches in relation to personal, credit reporting, credit eligibility or tax file number information.
“Mandatory breach notification ensures that in the unfortunate event of a data breach, consumers are provided with the information required for them to take the necessary remedial steps,” he said in a statement.
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.