The latest U. S. Cost of a Data Breach Study, sponsored by the Ponemon Institute and PGB Corporation, indicates a significant increase in not only the out of pocket cost of data breach incidents, but also the cost of lost business created by the turnover of customers due to the breach.

According to the study, which looked at organizations crossing 17 different industry sectors, data breach incidents cost U. S. companies $202 per compromised customer record in 2008, up from $197 in 2007. The largest cost increase concerns lost business, showing a nearly 40% increase in the past three years. The average per incident costs in 2008 were $6.65 million, up from $6.3 million in 2007 and ranged from $613,000 to almost $32 million.

Healthcare and Financial Services Organizations Show Highest Losses. No matter how comprehensive an organization's information security practices are, it is still vulnerable to a breach of confidential information. Healthcare and financial services companies have been shown to suffer the highest customer loss. The average cost of a healthcare breach is $282 per compromised customer which is twice that of the average retail breach of $131 per compromised customer.

Other key findings of the survey include:

• Third party organizations accounted for more than 44% of all cases.
• More than 88% of all cases involved insider negligence.
• Lost business is the most costly effect, averaging $4.59 million or $139 per record compromised.
• Data breaches experienced by "first timers" are more expensive than those experienced by organizations that have had previous data breaches.
• Training and awareness programs lead companies' efforts to prevent future breaches.

Most Security Breaches Involve Paper

Stories about missing laptops and stolen passwords appear daily, but a recent study shows that most data breaches involve paper. According to the study, 49% of respondents whose companies have been affected by a data breach said that one or more of the breaches involved the loss or theft of paper-not electronic-documents. And, 80% of respondents indicated their company had experienced one or more breaches in the past 12 months alone.

When a breach does occur and customers must be notified, several key issues must be addressed including the potential legal costs, cost of lost customers and brand damage, costs relating to the detection, investigation, notification and possible services offered to affected individuals.

S.H. Smith & Company, a nationally recognized expert with regard to the placement of Cyber, Security and Privacy policies, is taking a leadership position in recognizing the importance of educating its customers on issues that are confronting organizations of all sizes. For more information and materials to share with your clients, click here or contact:

Todd McDonald Connecticut Office 860.561.3600 800.356.0168 Click to email

David Perkins Massachusetts Office 781.449.2227 800.735.1023 Click to email

Jeanine Loomis Minnesota Office 651.647.6254 877.279.8500 Click to email

Ed McGuire Pennsylvania Office 610.644.8433 866.910.8433 Click to email

For general information about S. H. Smith, feel free to call or email anyone at any of our offices. For any state not listed below, please contact Scott Smith, President. S. H. Smith & Co. is a national firm, licensed to write in all 50 states.

Massachusetts office Michael McIntire 774.238.6806 Click to E-Mail Connecticut office Ed McGuire 860.561.3600 Click to E-Mail Ohio office Terrence Coughlin 330.656.2525 Click to E-Mail Lori Ault 440.930.0543 Click to E-Mail

Minnesota office Mark Mattson 651.647.6254 Click to E-Mail Pennsylvania office Ed McGuire 610.644.8433 Click to E-Mail New York/Vermont office Les Dalmata 315.826.5244 Click to E-Mail

S.H. Smith & Company is a national independently-owned specialty insurance broker, managing general agency and program administrator. Our specialists in each of our divisions have a depth of experience which we believe is unmatched in the industry. For more information, please call Scott Smith at 860.561.3600 or email by clicking here.

Our main office is located at 20 Church Street, Suite 1500, Hartford, CT 06103 and can be contacted by phone at (860) 561-3600. This newsletter is subscription based and is not unsolicited email. If you would like to unsubscribe, please e-mail marketsmarts@shsmith.com.