The average cost of a data breach is £47 per compromised record, according to a survey from the Ponemon Institute.
For security blunders in the financial services sector, that cost rises to £55 per compromised record.
Lost or stolen laptops and mobile devices account for most data breaches in the UK, according to the research, which is sponsored by Symantec and PGP Corporation. Thirty six per cent of data breaches resulted from lost and stolen laptops or other mobile devices.
Paper records follow not far behind at 24%. Data lost by outsourcers or third party’s accounted for 12%, while technical attacks, such as hacking activity and malicious code, only accounted for 9% of breaches.
The survey found that where data was compromised by third parties, the cost per record was £59, considerably more than the £47 average.
Lost business accounted for more than a third of the costs incurred by businesses following a significant data breach. Almost a third of the costs were spent on detection and escalation. The cost of notifying customers that their data was lost was negligible in comparison.
The IT security department was the group most frequently involved in the response to a data breach, (for 62% of respondents), with compliance and business units sharing responsibility 55% and 43% of the time, respectively. But "IT organisations shared responsibility only 35% of the time, indicating that UK businesses treat a breach event as a failure of policy and not a technical IT operation," said the report.
Organisations suffering a breach were also found to have experienced an “abnormal” customer churn rate, 2.5% higher than average immediately following an incident.
Breaches included in the benchmarking exercise ranged from 2,500 to more than 125,000 records from 21 UK businesses spanning eight different industry sectors. The most serious incident is estimated to have cost the firm involved almost £3.8m.
Most respondents that suffered data breaches indicated they were investing in encryption and data loss prevention products to defend against further incidents.
"Businesses and government in the UK are just now coming to realise the impact a data breach can have on an organisation and its customers, similar to developments in the US five years ago when data breaches became headline news," said Larry Ponemon, chairman and founder of the Ponemon Institute.
PGP Corporation, Symantec and Ponemon also called for the UK to introduce breach notification laws similar to those in more than 35 US states, to lower the frequency of such incidents.
Last year, the HM Revenue and Customs lost discs containing 25 million child benefit records in the worst data breach in the UK.
Find your next job with computerworld UK jobs