Still highlighting the “2009 Annual Study: Cost of a Data Breach” by the Ponemon Institute, sponsored by PGP, another interesting finding concerns first-time data breaching organizations. On page 17, the report reveals that “more than 82 percent of all cases in this year’s study involved organizations that have had more than one data breach involving the loss or theft of more than 1,000 records containing personal information.”

But, it goes on, “Data breaches experienced by ‘first timers’ are more expensive than those experienced by organizations that have had previous data breaches. The per victim cost for a first-time data breach was $228, versus $198 for companies that have experienced two or more incidents. This finding suggests companies that experience data breaches become more efficient at managing costs over time.”

Indeed, it’s a bit difficult to gauge this finding. On the one hand, it pays to be experienced. Data breach veterans have “been here before” and handle costs better. On the other hand, obviously that’s still no good since even a bargain cost of damage at, say, $100 per victim, is $300 per victim if it happens three times.

Organizations should keep in mind that the first time they’re hit with a data breach will likely be the most expensive time. Those are dues that simply aren’t worth paying–a club not worth joining.