Costs are up for lost records
The Ponemon Institute recently released its 2009 data breach figures. The average cost per customer record lost is up to $204, $2 higher than 2008, and the average total cost per company is now $6.75 million. The sample size is relatively small – 45 companies.
It should be noted that many costs associated with a breach (i.e. notification costs, credit monitoring, investigative costs, etc.) are subject to sublimits under most, if not all, Privacy Liability policies. The sublimit is typically equal to 10% to 20% of the limit of liability ($100,000 on a $1MM policy). This is not much coverage and will most certainly be a limits loss for insurer if there is a breach. Always try to increase this sublimit limit when negotiating coverage.