Earlier this week, Target struck a deal with Visa to reimburse thousands of financial institutions around $67 million dollars for costs resulting from the company’s 2013 data breach. These costs included reissuing credit and debit cards and handling an increased number of customer inquiries. Target is expected to reach a similar deal with MasterCard.
Target’s Visa settlement is an interesting one. Historically, credit card companies and banks have considered reissuing cards and removing fraudulent transactions from consumer accounts a cost of doing business. This mentality is rapidly changing as high-profile, high-impact data breaches continue to occur.
Businesses are finding there is no escaping the increasing threat of data breaches and associated costs. A May 2015 Ponemon study found that the average cost of a data breach increased to $3.8 million this year, up from $3.5 million in 2014. These costs include the obvious ones – IT personnel to address the security flaw that led to the breach, hiring customer service representatives to address customer concerns, costs associated with notifying and providing identity protection to impacted individuals. There are also some not-so-obvious costs like lost revenue, class-action lawsuits and resignation of key employees.
It’s not all doom and gloom for businesses when it comes to data breaches. The same studies that look at the cost of data breaches have also found there are ways to minimize these costs:
- The Ponemon study found a relationship between how quickly the business identifies and contains the breach and its financial consequences. The longer it takes a company to identity a breach, the more costly it will be to resolve.
- Ponemon also found that business continuity management plays a key role in reducing the cost of a data breach. Having business continuity management involved in the remediation of the breach can reduce the cost of response by an average of $7.10 per compromised record.
- Lost customer revenue is often the most severe financial consequence for a breached business. Businesses that plan ahead and have a clear customer response plan in place prior to being breached fare better than businesses that don’t. Identity protection should be a part of any customer response plan.
With the constant influx of new security threats and vulnerabilities, businesses need to be prepared to respond and address these threats and as data breach costs continue to rise, the stakes become even higher. Focusing on security, implementing business continuity management and having a breach response plan in place can take a bit of the edge off the financial sting of a breach.