Data Breaches: Why the Costs Matter

By ISBuzz Team
Writer, Information Security Buzz | Sep 02, 2014 06:05 pm PST

Our world is the world of the data breach. Every week, it seems that the news of an attack floods the media. Despite the frequency of these incidents, however, some companies refrain from creating a strong security program because they feel they are successfully protecting their information. This leaves many organizations with no remediation plan in the event of a breach.


In today’s world it is important to be aware of the risks associated with a breach. Towards this end, the costs of a data breach are discussed in detail in this post. The first section breaks down the data breach into three separate cost areas—legal costs, fines, and reputation loss. The second section (provided in the link at the end of the article) analyzes the five costliest data breaches in history. It also offers some tips on what can be done, as offered by Hexadite and its Automated Incident Response Solution (AIRS).


The costs of a data breach can be divided into three separate sub-categories: legal costs, fines, and reputation loss.

1.) Legal Costs – Organizations are responsible for protecting their customers’ data, including any personally identifiable information and financial records. If a company suffers a data breach and is discovered to have integrated inadequate security solutions into its IT infrastructure, the business could be held liable for the breach. Take the 2014 eBay data breach that affected around 145 million users’ accounts. In July of this year, a number of users filed a class action lawsuit against the online auction site. It is expected that it will cost eBay upwards of $5 million to resolve these disputes alone.

2.) Fines – Depending on its industry sector, a company whose data is breached might be required to pay fines. For instance, following a breach in 2010, Affinity Health Plan, a New York-based managed health care provider, was forced to pay a fine of $1.2 million due to its liability under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Different sectors set varying standards and regulations for data security. Lest they violate those guidelines, it is important that organizations value compliance and do everything in their power to avoid a data breach.

3.) Reputation – Reputation loss is oftentimes overlooked as a cost of a data breach. However, it is perhaps one of the greatest and, if the remediation process is mishandled, potentially the most enduring consequence of a breach.

Executives value the reputation of their organizations; reputation equates directly to the value of that business’s brand. Indeed, in a 2011 study entitled “Reputation Impact of a Data Breach”, Ponemon Institute surveyed 843 executives and asked them to estimate the economic value of their organizations’ reputations. Responses ranged from $1 million to greater than $10 billion, with an average of $1.5 billion. Clearly, reputation is one of the greatest assets companies stand to lose as a result of a data breach. Executives fear that if an incident such as a breach damages their companies’ reputations, existing customers and potential clients might take their business elsewhere. This loss of business could plague them for years. In the worst case, it could even mean insolvency for that organization.

These fears are not unfounded. Studies show that about 64 percent of Americans are more likely to pay with cash at large retailers if these companies report data breaches. This could mean a substantial loss for those companies, particularly for their e-commerce reports. Moreover, in a study that surveyed Target customers following the retailer’s 2013 breach, 35 percent of respondents stated that they now shop at Target less or not at all as a result of the incident. The economic toll of this finding cannot be over-emphasized.

Damage to one’s reputation tends to not be permanent, and companies can mitigate any reputation loss by being upfront with their clients and customers if and when a data breach occurs. Nevertheless, these measures do not change the fact that customers are likely to hold a breached company responsible for their compromised information, a viewpoint that will lower that company’s projected profits.

Based on the costs described here, I have compiled a list of the 5 biggest data breaches and thereafter discuss a solution to prevent you and your company from being hacked! Learn more here:

David Bisson | @DMBisson

David is a graduate of Bard College, having received a B.A. in Political Studies. He is very interested in cybersecurity and completed his senior thesis on the U.S. military’s integration of cyber power. Currently, he works as the Editor for Information Security Buzz and the Media Coordinator at the Hannah Arendt Center for Politics and Humanities at Bard College. Going forward, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy.
