U.S. beats Germany, U.K. and France when it comes to data breach notification costs, but why?

Published: August 28, 2012 by Michael Bruemmer

The U.S. tops Germany, the U.K. and France when it comes to data breach notification costs. In other words, it costs American companies more to notify people of a data breach when their personal information is lost or stolen.

The Ponemon Institute, which recently conducted a global data breach study, found that it cost U.S. companies an average of $561,500 to notify victims per breach, compared to $303,600 for German companies and $223,100 for companies in the U.K. Even more interesting is that in some countries – like India and Australia – companies only spend an average of $31,000 (India) and $80,000 (Australia) to notify customers of a data breach. (All figures are in U.S. dollars.)

So why do American companies spend so much more on data breach notification?

The main reason is the number of laws and regulations. Currently, 46 states have breach notification laws, and several federal agencies, such as the Department of Health and Human Services, require organizations to notify potential victims when their unsecured protected health information is breached.

In contrast, countries without breach notification laws – like India and Australia – spend much less because they don’t have to notify all of their data breach victims. Countries like Germany and the U.K. have strict notification requirements, although not as tough as those in the U.S.

American companies and organizations may not be able to do much about notification costs, which are expected to continue to rise. But there are other measures that can be taken to lower the cost of a breach. For example:

  • Negotiating a pre-breach agreement with a data breach resolution provider to lock in a good rate ahead of time.
  • A chief information security officer (CISO) who is responsible for enterprise data protection can reduce the cost of a breach by as much as $80 per record, according to the Ponemon Institute.
  • Treating potential victims fairly and providing them with credit and/or identity protection can increase loyalty, prevent the loss of customers and potentially save millions.