​

WHEN COMPANIES LOSE customer information via data breaches, they lose an average of $14 million. That’s calculated from the responses of 14 companies that have actually suffered data breaches and agreed to complete a survey by The Ponemon Institute, which researches privacy management practices.

The survey’s respondents range from the large to the small, as do the size of the breaches. For example, some 900,000 accounts were compromised at a financial services organization; one retailer’s breach exposed credit card records of 120,000 shoppers; and at a higher education organization, data on 2,450 students was compromised.

The study broke the $14 million figure into direct costs, such as unbudgeted spending on legal counsel and mail notification letters, which accounted for $5 million, or $15 per lost customer record; indirect costs of $1.5 million for lost employee productivity; and opportunity costs from losing existing customers and recruiting new ones, which cost some $7.5 million, or $75 per lost record.

A related survey by The Ponemon Institute found that consumers “reacted extremely negatively” to notifications of loss, with 19 percent severing their relationship with the company in question, and another 40 percent considering doing so. Only 14 percent of the 9,000 respondents said they were not concerned. The implications for the bottom line are clear.