The just released 2010 Annual Study: U.S. Cost of a Data Breach tracks the increasing cost of organizational data breaches; up for the fifth year in a row. Based on the actual data breach experience of 51 U.S. companies in 15 industry sectors, it reveals the average organizational cost of a data breach increased to $7.2 million, up seven percent from $6.8 million in 2009, with a cost of $214 per compromised record, up from $204 in 2009.


Total breach costs have grown every year since 2006. The most expensive data breach in 2010 cost that company $35.3 million to resolve, up $4.8 million or 15 percent from the most expensive organizational data breach in last year’s study. The least expensive data breach reported this year was $780,000, up $30,000 or four percent from 2009.


The report takes into account a wide range of business costs, including expense outlays for detection, escalation, notification, and after-the-fact (ex-post) response. It also analyzes the economic impact of lost or diminished customer trust and confidence as measured by customer turnover, or churn, rates.


It’s no surprise that when a data breach occurs, customers react. Abnormal churn or turnover in direct response to a data breach remains dominant factor in data breach costs.


One important trend the study reveals is that data breach costs tend to correlate directly with the presence or absence of major causes, like malicious or criminal attacks, or data protection best practices. In 2010, cost for breaches involving all major causes grew between 15 and 48 percent from 2009, while breaches that lacked those factors or illustrated best practices dropped to the bottom of the rankings.


If you are in a position to help your organization avoid a costly data breach, Clearwater would like to help. We work with the industry leader, IDExperts, in offering incident response and data breach management solutions. A security assessment will help your organization meet HIPAA compliance requirements and identify gaps and solutions for remediation – before an incident occurs. We can also help your organization implement some tried and true policies and procedures so you don’t have to reinvent the wheel or worry about whether your organization is implementing best practices.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.