When a data breach happens, somebody has to foot the bill for the damage it causes. This is the case with all breaches, whether the victims are government, individuals or corporations. However, some of the most expensive data hacks that do occur annually are those that are aimed at corporate victims. In these cases, it’s almost always the consumers who end up paying the costs through direct or indirect means.
FREE Download: CISO Data Breach Guide: How to reduce risks and overall cost by increasing automation
We’re now going to cover these consumer paid costs in detail, starting with an actual example of a massive corporate data breach–the Target 2013 data breach.
A Case Study of the Target Breach
In December of 2013, Target, the major retail chain giant, was the victim of a data hack in which some 40 million credit card records were stolen by data thieves.
In addition to the effects this had on the company’s executives, management and employees, millions of Target customers also had money taken out of their pockets in some way or another.
The direct costs to Target itself included a severance package for the resigning CEO, who was paid 15.9 million dollars. The company itself suffered fines of over 1 billion dollars for negligence and other infractions, and on top of that, there was the issue of dealing with 2.2 billion dollars in refunds for fraudulent transactions, which major card providers had to pay to their users.
As a result of the whole mess, Target suffered an additional revenue loss of 443 million dollars in 2014.
The Cost of an Average Breach
Target’s breach was an exceptional case, but even the average data breach is expensive.
There were a reported 617 corporate data breaches in 2013 alone, and this number will almost surely increase in 2014. The average costs of these included:
– $5 per customer in notification-of-fraud expenses (Each breach often involves thousands or even millions of customers.)
– $30 per card cancellation and associated credit monitoring on the behalf of customers
– $2000 per hour of forensic examination (This process can take weeks.)
– $500,000 legal defense fund in instances of major breaches
– $1 million on average for corporate settlements
– Another million dollars in terms of regulatory expenses and fines
These costs total out to over $5.5 million per each of the 617 companies that are breached each year.
At the end of the day, breaches on average affect 28,765 customers and cost a total of $188 per customer to repair the damage.
How Customers End up Paying for Data Breaches
Via Retail Outlets:
Retailers will often either directly pass the costs of breaches on to their customers via higher overall retail prices, or in cases where retailers collect insurance settlements, the insurers themselves will raise premiums across the industry and force diverse retailers to raise product/service prices anyhow.
Via Credit Card Providers:
Credit card companies and the banks they work with also make consumers pay for breaches by covering the costs of their fraud related refunds to victims with elevated fees and interests rates on credit to all consumers. This can total increases by as much as 7% per year.
What’s the Overall Economic Damage of Breaches?
On the whole, data breaches cost the entire U.S economy a massive $140 billion dollars per year in the form of direct costs to companies, costs to customers and increased tax costs for law enforcement efforts.
Additionally, it’s estimated that 500,000 jobs per year are lost as a result of data intrusion expenses.
Identity Theft
If all of the above expenses to consumers and the economy aren’t enough, there are also the costs of identity theft from data breaches (one of their major motivators).
These costs include:
– Victimization of some 66% of consumers whose data has been stolen
– Average individual losses of $9600
– For at least 10% of victims, the loss of a month or more of productive work time
Even when victims of ID theft have their costs covered by their banks and card providers, those banks and card companies pass the costs along to all consumers, as already mentioned above.
If you want to find out more about data breaches and identity protection in general, check out this excellent infographic from the professionals at Authentify, who collected all the data covered above.
About Authentify
Founded in 1999, Authentify, Inc. provides automated authentication services for many of the largest online business enterprises operating today. The Authentify service enables organizations to quickly and cost-effectively perform real-time, multi-factor user authentication during an Internet session. By leveraging the familiarity of the telephone networks, Authentify delivers an effective multi-factor authentication process that is practical for business and easy for end users.
[wp_ad_camp_5]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.