It should come as no surprise to anyone that data breaches are becoming far more common. Of course, when an individual looks at the current state of the economy and world-at-large, it is obvious that the uptick in cybercrime is directly related to the ubiquity of technology surrounding everyone at all times. While credit cards are not a new concept – the first one in theory was available in the 1950s – it is safe to say that the increasing prevalence in data breaches is more related to retailers, financial institutes and other businesses relying on outdated security systems and strategies despite their use of modern day technologies such as the cloud and analytics.
Unfortunately, cybercrime will only become more pervasive and sophisticated. However, that should not deter anyone from using new technologies because with the proper security measures in place, credit card data and consumers’ personal information can be kept safe. If any retailers or business are still questioning whether they need to work with security professionals and tools, they should take a look at recent statistics and the costs that organizations face after experiencing a data breach.
“The Target data breach resulted in the company losing $148 million in the second quarter of 2014 alone.”
Let’s look at Target. While retailers might have heard this thread being spun many times in recent months, a refresher course on the impact of that data breach on Target might serve as a welcome wake up call. Immediately following the Target intrusion, the company witnessed its stock drop by 78 cents, The New York Times reported. For a small retailer, stocks are not so much an issue, but it does affect the long-term strategy of an organization. Every business, however, will have to start spending and losing revenue immediately. According to the source, the total effects of the Target data breach resulted in the company losing $148 million in the second quarter of 2014 alone.
“I don’t see how they’re getting out of this for under a billion, over time,” John Kindervag, the vice president and principal analyst with Forrester Research, told The New York Times.
Division of costs
Those losses only took place over a single quarter, which tends to be the period when the brunt of the costs associated with a data breach are experienced. What is driving those high costs? A plethora of factors, each with their own percentage of impact on spending. IBM’s Security Services recently analyzed the 1.5 million cyberattacks that took place in the U.S. in 2013 and found that there are six categories that businesses can expect to invest in if they lose the credit card information of their customers:
- Reputation and brand damage: 29 percent
- Lost productivity: 21 percent
- Reduced revenue: 19 percent
- Forensics: 12 percent
- Technical support: 10 percent
- Compliance regulations: 8 percent
Let’s break these down and analyze some more specific in each category to provide a better idea of how data breaches can severely impact a retailer.
Loss of credibility, reputation and, therefore, revenue
Obviously, any retail customers are going to become more hesitant to shop at stores that have a history of losing information. While it makes sense, what are the actual facts? According to a CreditCards.com report, 45 percent of credit and debit card holders said they would “definitely” or “probably” not shop at a retailer that lost personal information. That statistic means that even if someone was not directly affected, they will still be hesitant to spend money at that store ever again. The average cost of lost business is now around $3.2 million because of reputation losses, according to the Ponemon Institute.
Forensics, customer service and fines
While the impact on business seems severe, retailers need to consider the cost of cleaning up the data breach. Retailers need to hire a firm to investigate the cause of the intrusion, alert the press and consumers about the theft of credit card information and pay an agency to monitor credit card accounts for fraudulent activity.
“To monitor their credit, a company will spend between $10 and $30 per individual per year.”
Audit services, crisis teams and investigations can result in an average cost of just under a half of a million dollars, according to the Ponemon Institute. However, this number varies based on the number of individuals impacted. One cyber insurance company, Zurich, found that on average businesses will spend $174 per record. Then to notify customers, it will cost between 50 cent and $5 for each person affected. Finally, to monitor their credit, a company will spend between $10 and $30 per individual per year.
Retailers also need to consider regulatory fines. The Zurich report identified that breaking PCI compliance regulations can range from $5,000 to $100,000 per month. However, if business comply with the PCI standards, the fines could be reduced, stressing the importance of working with a PCI compliant organization.
There is no denying the massive financial cost of a data breach on a retailer or any business. The leaders of these companies need to step up, take initiative and find solutions to preventing intrusion attempts sooner rather than later.
Does your business need to prevent or respond to a data breach?