Data breaches cost UK companies an average of £47 for every record lost.

This means the average cost to a company which suffers a data breach is £1.4m. The Ponemon Institute isn't pulling these figures out of the ether - it talked to 21 UK companies about how much actual data breaches cost them.

Phillip Dunkelberger, CEO at PGP Corporation, told The Reg: "Companies are increasingly waking up to the real cost of data losses, especially the cost of losing customers. It is a serious global problem with no easy answers."

Both PGP and Symantec, who co-sponsored the study, believe some kind of data notification law - where companies are obliged to tell a third party when a breach occurs - could help.

Ponemon estimates customer churn rates to go up by an average of 2.5 per cent after a data loss, but the worst example in the UK saw churn rates go up by seven per cent.

The size of the losses examined ranged from 2,500 records to more than 125,000 and costs ranged from £84,000 to £3.8m.

Breaches by third parties were more expensive than in-house losses - on average £59 rather than £42 in-house. This is a difficult issue for big companies to deal with, because their supply chain will include hundreds or even thousands of partner and outsourcer companies.®

Related stories

• Lost laptops cost companies $50k apiece (23 April 2009)
• Updated UK data breach costs swell (4 February 2009)
• PGP takes disk encryption management into the cloud (21 October 2008)
• Midwife's lost diary sparks mums and baby alert (14 August 2008)
• SQL string in URL exposes sex offender data (17 April 2008)
• MoD loses 11,000 ID cards (12 March 2008)
• Confidential Home Office data turns up in laptop on eBay (28 February 2008)
• Opinion Don't expect privacy law overhaul in the wake of HMRC (28 January 2008)
• Data breach costs soar (29 November 2007)
• UK Identity Crisis Civil service apologises for HMRC data loss (26 November 2007)