Data breaches are costly things, no matter who they affect. Whether we’re talking about a hack against a corporate database, government network or a private individuals personal finances and other information, there will be a price to pay.
However, when it comes to breaches against governments and corporations in particular, that cost is often at least partly passed on to others. This is unfortunate because, for one thing, attacks on corporations are some of the most expensive there are and, secondly, because the others in question are often consumers who are unaware of just how much of the bill for corporate data breaches they’re footing wither directly or indirectly.
Let’s go over some of the actual numbers, starting with a single specific corporate case study.
The Case of the Target Breach
In December of 2013, the retail giant Target became the target of a massive criminal data theft in the form of more than 40 million stolen credit card records.
This breach not only cost the company a lot of prestige it also severely affected their bottom line.
For starters, the severance costs for the Target CEO alone were to the tune of 15.9 million dollars, but this sum, as large as it seems, completely pales in comparison to the 1 billion dollars in fines to the government that the company had to pay for negligence and the 2.2 billion dollars in fraudulent transactions it also had to refund to its affected customers.
On top of both of these expenses, there was also the matter of 443 million dollar in lost sales revenues for the time leading up to now after the breach. Customers didn’t trust the company to buy there as much as they had before.
This is just one specific example, out of 617 others that occurred in that same year, though most of them weren’t nearly as massive as Target’s case, they were still costly on average. Here are the numbers to show by how much.
The Cost of the Average Corporate Breach
- $5 per customer per notification of fraudulent activity and compromised data (each breach can involve thousands of customers)
- $30 per card cancellation and related credit monitoring for the customer
- $2000 per hour of forensic security analysis (each breach can involve hundreds of hours of this expense)
- $500,000 per legal defense fund for each corporate breach
- $1 million in total corporate settlement costs
- And finally, another million dollars in regulatory fines and expenses
These costs total up to more than $5,400,000 dollars per major corporate data breach on average and reflect only the most direct of hacking related expenses on participants in the economy. Also, bear in mind that on top of the above, an average of 28,765 customers are affected per breach at a cost of $188 dollars per customer.
How Customers Pay for All This
Retailers will often make their customers pay for the costs of the breaches the company suffers. They’ll either do this by simply raising overall prices for goods and services directly or, if they have fraud insurance, they will have their insurer foot the bill and that insurer will in turn raise premiums across the board thus causing the retailer and others in its industry raise their overall product prices anyhow.
Credit Card Providers
Credit card companies and their partner banks also make consumers pay for breaches that were aimed at corporate clients by raising everyone’s interest rates and usage fees, to the tune of as much as 7% per year.
Then There’s the Overall Damage Breaches Cause
Aside from all the direct expenses already covered above, data breaches also have a much wider indirect cost on the U.S economy. This amounts to a whopping 140 billion dollars per year in the form of direct costs to companies, costs to customers, increased taxes and lost productive time in dollar terms.
Because of these enormous costs, it’s estimated that some 500,000 jobs per year are lost to criminal data breaches.
And if all of the above figures weren’t enough to worry you as a consumer, there is the insidious problem of hacking related identity theft to also contend with.
This problem carries its own costs in the form of:
- Victimization of 66% of all customers whose information has been compromised.
- Individual average losses of $9600 per customer as well as lost productive time.
- The loss of a whole month or more of productive work time for some 10% of customers.
Even in cases where ID theft victims have their costs covered by their bank, credit card company or the affected business that lost their data, those costa are passed on to others in the way we already described above.
Now, if you want to know even more about data breaches and how you can actually fight them as a business or an individual, we recommend this excellent infographic that also covers the above information and the related services of the company that created it, two factor authentication experts Authentify.