A Data Breach – Just Pocket Change


I just read a really interesting article about the cost of data breaches. The average expenditure to rectify a data breach is now topping $3.8 million. The article I read, “How much do data breaches cost big companies? Shockingly little,” is the result of an analysis, published in Fortune. The analysis was written by Benjamin Dean, a fellow at Columbia University’s School of International and Public Affairs.

According to Mr. Dean, even though the Anthem breach is now approaching $111 million, Target is at $10 million, Sony anticipates spending $35 million and Home Depot $28 million, these sums are minor in the big scheme of things. The gist of the article is that these sums are just pocket change to these companies. “These numbers are likely not small enough to vindicate Sony Pictures’ former executive director of information security. In 2007, he told CIO Magazine that “‘it’s a valid business decision to accept the risk’ of a security breach…I will not invest $10 million to avoid a possible $1 million loss.” But Dean’s analysis does come alarmingly close to making the minimal effort-stance a defensible position.” For Home Depot, the $28 million “represents less than 0.01% of Home Depot’s sales for 2014,” Dean points out.

In his conclusion, “until corporations are held more accountable for these breaches—not with $10 million slaps-on-the-wrist—but with, well, he isn’t quite sure what yet, companies won’t make the big investments in information security needed.”

Although this is an interesting perspective, there are so many harmful impacts of a data breach, considering credit card theft, theft of health information, social security numbers, etc. The above is just an example of irresponsibility on the part of the organization, blowing off the cost at the expense of its customers and stakeholders.

I think organizations must act ethically, even if that means putting the appropriate security in place to protect their employees, customers, vendors, anyone they do business with. I think it’s a sad commentary. What do you think?
