MADISON, Wis., and TRAVERSE CITY, Mich. (11/30/07)--The costs of failing to protect their customers' private data is on the rise for companies involved with data breaches, according to new research. But it isn't known how much these breaches have cost the nation's credit unions. Data breach incidents cost companies $197 per compromised customer in 2007, compared with $182 in 2006, according to Traverse City, Mich.-based Ponemon Institute. Data loss incidents involving more than 215 million individual records have occurred since January 2005. Ponemon's survey focuses on actual data breaches in 35 U.S. organizations, including financial services, retail, healthcare and software companies. The average per-incident costs in 2007 totaled $6.3 million, compared with $4.8 million in 2006, said the institute. Lost business accounted for roughly two-thirds of the average cost per incident. The cost of lost business rose by 30% to $4.1 million on average in 2007. Breaches by third-party organizations were reported by 40% of respondents--up 29% from 2006. This type of breach was also more costly--on average $231 per record compared with in-house breaches at $171 per record. It isn't known how much these company's breaches have cost the nation's credit unions. CUNA Mutual Group tracks plastic card fraud losses for claims submitted by its policyholders.. Of submitted credit union losses reported in 2006, 76.7% were due to counterfeits, 15.5% due to stolen cards, 5.3% to lost cards and 2.5% to "other," according to CUNA Mutual's Plastic Fraud Update. CUNA Mutual's figures "do not represent fraud losses for all credit unions or take into account other costs of data breaches that were highlighted in the [Ponemon Institute] study," Phil Tschudy, media relations manager at CUNA Mutual, told News Now. In the first three quarters of 2007, plastic card fraud losses incurred by CUNA Mutual's policyholders totaled between $56 million to $57 million, according to the Plastic Fraud Update. That figure is for debit, credit and ATM cards. Debit cards account for more than half of the losses. The 2007 total is significantly less than plastic card losses submitted for the same time nine months last year: $33 million for first-quarter 2006, $24 million in second quarter, and $22 million in third quarter. Third-quarter 2007 losses submitted by policyholders were slightly over $17 million, while second quarter losses were at $20 million, and first quarter losses at slightly more than $20 million. Losses for the first three quarters for 2006 totaled $98.7 million, although estimates of losses not submitted by credit unions could bring that figure to more than $100 million. That compares with $89 million in 2005, $57 million in 2004, $40 million 2003, and $39 million in 2002, according to the CUNA Mutual figures. In the data breach study, Ponemon Institute also noted that notification costs for breaches fell 40% to $15 per customer in 2007 from $25 in 2006. That suggests a more measured, less reactive breach response by companies, Ponemon said. After the breaches, the companies implemented six technology measures, ranked in order: expanded encryption; data loss prevention solutions; identity and access management solutions; endpoint security controls; security event management solutions; and perimeter controls. Ponemon noted that the easiest way for companies to avoid the costs associated with a data breach "would be to avoid a breach in the first place." Use the resource link for more information.