Last year a U.S. company lost 22 million euros due to the leakage of customer data, the most expensive data incident of 2009. The Ponemon Institute, which mapped the cost of data leaks from U.S. companies for the fifth time, does not want to say which company it is. On average, "leaky" companies loose 4.8 million euros per incident. This is the loss of sensitive information from malicious and careless employees, hackers and malware. The number of reported data leakage decreased from 657 in 2008 to 498 in 2009. The average cost per incident increased, however slightly, which also counts for the value of lost data. Per lost record an average company loses 145 euros.
Affected companies are well-advised to inform customers as late as possible. According to the Ponemon Institute, an early warning by a company may increase costs unnecessarily. It also appears that data leaks and botnet attacks doubled in 2008 bringing more costs compared to incidents caused by negligence or system errors. The number of attacks increased from 12% to 24%. The cost per lost record in these cases are also higher than losing data due to sloppiness and system errors. A hacked record will cost a company 153 euros, while records that end up on the street due to negligence or system failures will cost 109 euros and 118 euros respectively.