That's the main point from the following article:
The cost was calculated per record and on average breaches that involved outsource/cloud computing were more costly. The reasons why are sensible:
- Increased legal costs due to multiple and different jurisdictions.
- Additional investigation requirements.
- And because of that second point, additional consulting fees.
This isn't a knock on cloud computing, per se, rather just a fact of what the real costs are. In the security world we never talk about if there will be a security incident. We talk about when. The additional cost for a breach needs to be factored in to the business model. Also, this represents a relatively small set of data to look at. Only sixteen organizations participated. We really need a larger sample pool, however, at face value the reasons given justify the increased cost cited by the initial study.