How consumers foot the bill for data breaches

Data breaches are almost always expensive and somebody always ends up paying those expenses somewhere down the line. Either because they were affected directly and have no one to pass the costs onto or because they had the costs passed onto them by someone else.

This applies to breaches on corporate, government or individuals’ data. However, some of the most expensive hacks that do occur regularly are typically those affecting major companies. One excellent example, which we’re about to break down for you, is the Target retail store breach of December 2013. In this particular case, hackers stole 40 million credit card records from the company’s databases. Let’s see what Target’s becoming a target cost.

In December of 2013, the retail giant Target got hacked and saw 40 million credit card records belonging to customers get stolen by thieves. The costs of this were enormous and broke down in the following ways:

• Severance for the resigning CEO amounted to 15.9 million dollars alone.
• 1 billion dollars in regulatory fines for negligence to the government.
• A whopping 2.2 billion dollars in fraudulent credit card charges that had to be refunded by the company for losses from those 40 million card accounts.

To top things off nicely, the retail chain also suffered a further 440 million dollars in revenue losses during 2014 so far as a result of lowered consumer confidence from the hacks. The case of target is just one single, though very large, example of a corporate data breach and its costs. These breaches happened on 617 other occasions in 2013 alone and will likely increase even further in 2014.

The average costs of these 617 other breaches are hefty too and break down as follows:

• $5 dollars per customer notification multiplied by millions of customers in total.
• $30 per card cancellation and related monitoring of credit PER customer.
• $2000 per hour in forensic examination and data security analysis costs (which amount to an average of hundreds of hours per breach)
• $500,000 per breach in legal expenses.
• 1 million dollars per breach in corporate settlement costs.
• Another 1 million dollars per breach in regulatory fines or related expenses.

These costs total up to some $5,400,000 in expenses per breach and some of them can be much more expensive than that. Also, there is the fact that for each of these breaches, an average of 28,765 customers get affected at a cost of $188 per customer in basic compensation. Yet even all of the above doesn’t reflect all of the diffuse costs of data breaches in the economy!

How Customers pay, directly or indirectly

Via retail stores – Retailers who get hammered by the costs of a data breach will pass this expense on to their customers either directly or indirectly. They can take the direct route by simply charging more overall for their services and products or, if they have data theft insurance, they can have their expenses covered by the insurer who then passes those payouts onto all of its clients and causes an across the board increase in prices in a given industry.

Via credit card providers – Credit card providers and partner banks perform the same trick on consumers as their retail counterparts. While they cover the costs of refunding fraud charges that stem from data theft, they then also pass those costs onto everyone who uses their services via higher fees and interest rates, to the tune of as much as 7% per year.

Diffuse economic damage – Finally we come down to the more insidious and diversified overall costs of data breaches. It is estimated that these total up to $140 billion dollars in losses per year in the U.S alone and include the costs of increased taxes, direct costs, fees, rates, productive time losses and prices among other hidden expenses. The further effect of these 140 billion in dollar losses is an estimated 500,000 jobs per year that are lost by workers.

Identity Theft – Finally, if all the above weren’t enough, there is also the massive nuisance of identity theft. This too costs time and money in the following ways:

• The victimization of some 66% of affected customers whose data was stolen.
• Average costs of $6,900 and lost productive time on top of that.
• A loss of over a month of productive time for some 10% of victimized individuals.

Furthermore, as we already explained, even if credit card companies or retailers cover these expenses for their customers, they pass them down to all customers in hidden raised fees or prices.