Laptop Computer Security

Tip of the Week: Believe It or Not, Don’t Act Too SOON

Following up on last week’s Tip, with key findings from the Ponemon Institute’s “2009 Annual Study: Cost of a Data Breach” (found here on the web and sponsored by PGP), there’s another finding that is quite remarkable.

According to the study, on page 4, companies that notify victims too quickly may [in] (sic) fact incur higher costs. The most heated and public criticism leveled against breaching organizations has always been the “why did you wait so long?” argument. The victims (typically consumers, that is, individuals) tend to get very upset with a breaching organization, claiming it took far too long to notify them.

But the new report found that about 36 percent of participating organizations notified victims within one month, which was considered fast, and yet experienced a 12 percent rise in overall data breach cost. According to the study, “moving too quickly through the data breach process — especially during the detection, escalation and notification phases — may cause inefficiencies that raise total costs.”

Perhaps this goes to show that you can’t make everybody happy all the time. By taking the proper time to discover the details of a breach and respond carefully, organizations draw lots of fire from commentators near and far. But by acting too quickly, they raise their breach costs.

This also leads back to last week’s Tip, highlighting the significant value of key leadership during a data breach. No doubt that leadership and the response timetable go hand in hand.
