Press Releases

New Ponemon Study Reveals the True Cost of a Data Breach in the U.K.

London / 25 February, 2008– Privacy and information management research firm Ponemon Institute, PGP Corporation, a global leader in enterprise data protection, and Symantec Corp. today announced the results of the first study on the costs incurred by U.K. businesses after experiencing a data breach. Research by the Ponemon Institute found that the average total cost per incident was more than £1.4 million. The "2007 Annual Study: U.K. Cost of a Data Breach" also reveals that the financial impact of lost business due to reduced consumer trust was the most significant component of data breach costs. This first-annual U.K. study was sponsored by PGP Corporation and Symantec.

The report released today focuses on the cost of activities resulting from actual data loss incidents as well as identifying the most frequent causes and likely technology responses to a data breach. Breaches included in the survey ranged from 2,500 to more than 125,000 records from 21 U.K. businesses spanning eight different industry sectors. Among the key findings:

  • The average total cost of a data breach ranged from £84,000 to almost £3.8 million, with an average of £47 per record compromised;
  • 36 percent of reported costs were due to lost business, with an abnormal customer churn rate (higher than average) of 2.5 percent after a breach;
  • The cost of a data breach for financial services organisations was more than 17 percent higher than average, at £55 per record compromised;
  • 38 percent of respondents reported breaches by third-party organisations, such as outsourcers, consultants and business partners, at a significantly higher cost per record compromised and,
  • 36 percent of data breaches resulted from lost and stolen laptops or other mobile devices.

Survey respondents identified encryption and data loss prevention solutions as the top two technology responses following a data breach, indicating that U.K. organisations increasingly understand the benefits of deploying enterprise data protection to defend data against future breaches.

"This study establishes a first of its kind benchmark for organisations in the U.K. to calculate the risk and potential monetary consequences of a data beach," said Larry Ponemon, Chairman and founder of The Ponemon Institute. "Businesses and government in the U.K. are just now coming to realize the impact a data breach can have on an organisation and its customers, similar to developments in the United States five years ago when data breaches first became headline news."

"Over the past year, the number of reported data loss incidents in the U.K. rose at a truly alarming rate," said Phil Dunkelberger, president and CEO of PGP Corporation. "The new Ponemon study reveals the significant costs of such breaches and should help make organisations aware that they need to rethink their approach to data security. The investment required to prevent data loss is dwarfed by the potential costs of a breach, making the need for an enterprise data protection strategy undeniably clear."

"The fact that more than a third of breaches result from data being shared with third parties in the normal course of business is a clear signal that organisations should examine how they are sharing their customers' data with outsourcers, vendors, and partners," said Joseph Ansanelli, vice president of data loss prevention solutions, Symantec. "Our customers are well aware of this risk, which is why they are investing in data loss prevention solutions from Symantec."

A copy of the "2007 Annual Study: U.K. Cost of a Data Breach" may be obtained from PGP Corporation or Symantec.

About the Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organisations in a variety of industries.

About PGP Corporation

PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP® Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP platform-enabled applications allow organisations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, PDAs, network storage, file transfers, automated processes, and backups.

PGP solutions are used by more than 80,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune® 100, 75 percent of the Fortune® Global 100, 87 percent of the German DAX index, and 51 percent of the U.K. FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Media contacts:

For PGP Corporation
Jacqui Depares / Richard Scarlett
Johnson King
020 7401 7968

For Symantec
Abigail Lovell
Symantec Corporation (UK)0118 943 6846

For Ponemon Institute
Mike Spinney (US)