2014 Costs of a Data Breach by Industry
The average total cost of a data breach increased 15 percent this year to $3.5 million, according to the Ponemon Institute’s 2014 Cost of Data Breach Study: Global Analysis.
But how does that average vary from industry to industry, each with different types of consumer information and different data regulations? Also, how do data breaches affect related industries, such as the insurance or banking sectors that must shoulder some of the subsequent costs?
One factor uniting data breaches across all industries is that the most costly breaches were the result of malicious and criminal attacks, according to Ponemon.
Let’s take a look at the costs associated with each type of data breach, including retail, financial/banking, healthcare, and education:
Cost of a Financial/Banking Data Breach
- JPMorgan Chase was breached this summer, and while financial/banking firms do not always release their own financial details, the company did say that its increased investments in security improvements will cost $250 million a year, with a team of people dedicated to leading them, according to the International Business Times.
- National industry groups, including the National Retail Federation (NRF), have lobbied Congress regarding fair and expansive cross-industry data breach standards. They argue that consumers have a right to know when they’ve been breached, regardless of where the risk arises.
Cost of a Healthcare Data Breach
- New York Presbyterian Hospital and Columbia University, reported in May 2014 - $4.8 million in government fees, without any insight into other costs such as legal or investigation fees. This is the largest HIPAA settlement to date recorded by the Dept. of Health and Human Services.
- Cignet Health Center was fined $4.3 million in October 2010, partly due to denying patient requests for their medical records and their failure to cooperate with the investigation.
- Consequences of a healthcare data breach also affect other industries, including an $80 billion yearly cost to the public insurance sector caused by criminals who steal medical identities and fraudulently receive healthcare services by pretending to be insured, according to MDEverywhere.com.
- While only the government fees are on record, other costs place the healthcare industry at the top when it comes to per capita data breach costs, followed by the education and pharmaceutical sectors, according to the Ponemon Institute.
Cost of an Education Data Breach
- A hacked server at the Maricopa County Community College (MCCCD) cost them upwards of $19.7 million, with $2.3 going to lawyers' fees; $300k to records management; and another $17.1 million spent on consulting, repairs, more lawyers, notification and credit monitoring. Two class action lawsuits were also filed in April, seeking $2.5k for each affected individual; that's 2.5 million total.
- The University of Maryland estimated $6.2 million in credit monitoring costs alone for students and staff affected by a data breach early this year. Adding encryption could raise costs to $20-30 million, in addition to consulting fees.
- Universities and educational institutions also take a hit to their reputation, and through rising student tuition costs to deal with unexpected breach expenses.
Cost of a Retail Data Breach
- Target, reported in August 2014 - $148 million in associated data breach expenses, including legal, consulting and credit monitoring fees.
- Home Depot, reported in November 2014 - $43 million so far in associated data breach expenses spent in one quarter, including identity protection services, credit monitoring, increased call center staffing, legal and other professional services, according to their quarterly SEC filing.
- Costs to other industries as a result of these retailer data breaches include heavy hits to the banks and credit unions. Credit unions spent $60 million in September reissuing stolen cards after the Home Depot breach, according to TheHill.com.
- According to a report from the Consumer Bankers Association, the cost of replacing credit and debit cards after the Target breach ran up a tally of $240 million.
- The real business consequences for a retail organization may include a hit to customer loyalty and trust, with lower profits and more reputation control costs to manage than in other industries.
Avoiding Catastrophic Data Breaches in the Retail Industry
In this guide, you’ll learn:
- New risks to the retail industry presented by cloud, mobile and Bring Your Own Device (BYOD)
- Business and compliance drivers for strengthening authentication security
- How outdated security solutions can no longer effectively protect retailers and consumers alike
- How implementing a modern two-factor authentication solution can work to protect the new IT model
Ideal for CISOs, security, compliance and risk management officers, IT administrators and other professionals concerned with information security, this guide is for IT decision-makers who need to implement strong authentication security, as well as those evaluating two-factor authentication solutions for organizations in the retail industry.