As part of its earnings report for the fourth quarter and full year of 2014, Target recently stated that the 2013 data breach that exposed approximately 40 million customers’ payment card information caused a total of $145 million in breach-related expenses in 2014.
That number reflects an actual total of $191 million in gross expenses in 2014, which was partially offset by $46 in compensation from insurance.
In 2013, Target spent $61 million on breach-related expenses, offset by a $44 million insurance receivable.
In total, that’s $162 million so far, with expenses continuing to accrue.
Steve Hultquist, chief evangelist at RedSeal, said the lesson to be learned from Target’s announcement is that companies have a simple choice: invest now, or pay later.
“Consider the ROI for even a very significant investment in proactive security analytics and process improvements that could have blocked the breach before it even started,” Hultquist said. “The lesson for other organizations is clear: you are under attack. Making strategic investments now is a wise preventative measure to keep your organization and your customers safe.”
And that message appears to be spreading — a recent survey of IT and IT security practitioners conducted by the Ponemon Institute and sponsored by Identity Finder found that while only 13 percent of respondents felt senior management was extremely concerned about the threat of a data breach prior to the disclosure of the Target breach, that number jumped to 55 percent following the Target breach.
Eric Chiu, president and co-founder of HyTrust, told eSecurity Planet by email that major breaches like those at Target, Sony and Home Depot can have a real impact on the bottom line. “The $162 million spent so far by Target is just a drop in the bucket given the class action lawsuits by consumers as well as the recent court ruling that banks can go after Target to recoup their losses,” he said.
“When all is said and done, the cost of the breach could reach over $1 billion,” Chiu added. “That should serve as strong evidence that companies need to make security a top priority — especially around insider threats, which is how most breaches are happening today.”