There are few things more damaging to a business’ bottom line than a data security breach. Companies that get hacked can expect to pay big time from not only the damage itself, but also reduced future revenue from the harm to its reputation. These costs will only continue to rise as regulators are playing a bigger role in making sure companies do a better job at protecting sensitive data.
There may be no better example of the impact of a data security breach than the one that hit Target back in December 2013. Lax network security protection was likely the biggest factor that led to the theft of credit card information from millions of customers.
According to Computerworld, Fazio Mechanical Services (FMS), an HVAC company, had access to Target’s network so it could remotely monitor cooling systems at several stores. Hackers somehow obtained login credentials FMS used to access the network.
According to information filed by Target back in 2014, the impact of the breach was very damaging to the company. In the second quarter of 2014 alone, the giant retailer reported $148 million in costs. A Forrester Research analyst interviewed by the New York Times claimed that the costs over time would likely approach the $1 billion range.
Insurance only covered $38 million of the $148 million total reported and the company’s earnings and stock price also took a hit. Over 100 million customers’ personal data or credit card information was compromised. The costs of litigation and offering free credit monitoring to affected customers were major components of the total costs of the breach.
Hackers show no signs of letting up. Kaspersky Labs reported in December 2014 that in the previous year there were more than 4,400 corporate sector targeting cases from cyberattacks globally. That was more than double the total of 1,800 such cases from the year prior to that.
The federal government is also not letting up. According to the Wall Street Journal, the Federal Trade Commission (FTC) was pursuing over 50 cases related to data security as of August 2015.
A recent decision by a federal appeals court effectively gave the agency the green light to go after other companies for having lax data security. That case dealt with a security breach involving hotel corporation Wyndham Worldwide where over 619,000 credit and debit card numbers were stolen.
As these cases clearly demonstrate, the impact of a data security breach can be devastating. The costs of litigation, damage to a company’s reputation, and fines imposed by regulatory agencies make the immediate costs of a breach pale by comparison.
By spending a little more on data security, companies can avoid these costs without losing profitability. This means buying quality security software solutions, designing networks to be harder to compromise, and adopting best practices. Skimping on security to save on upfront costs is a short-term smart, long-term stupid strategy that can put many companies out of business.
