Data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches, according to a new Ponemon survey to be released on Monday.
The incidence of malicious attacks rose from 12 percent in 2008 to 24 percent last year, according to the 2009 Annual Study: U.S. Cost of a Data Breach survey conducted by the Ponemon Institute and sponsored by PGP Corp.

The cost per compromised record involving a criminal act averaged $215, about 40 percent higher than breaches from negligence and 30 percent higher than those from glitches, the survey found.

For the first time, companies reported in the survey that data-stealing malware caused their breaches.

The average organizational cost of a data breach increased nearly 2 percent to $6.75 million in 2009, while the average cost per compromised record per breach rose only $2 to $204. The most expensive breach in the survey was nearly $31 million and the least expensive was $750,000.

Meanwhile, 42 percent of all cases reported in the survey involved mistakes made at third parties, such as outsourcers, and 36 percent of the cases involved lost or stolen laptops or other mobile devices.

For the study, 45 U.S. companies from 15 different industries were surveyed. The figures include business costs including expenditures for detection, notification, and response, as well as the economic impact of lost or diminished customer trust and confidence as measured by customer turnover rates.

The link for this article located at CNET is no longer available.