The Immutable Truth of Data Breaches: They Will Cost You

- March 13, 2017

Home Depot last week settled with major card providers that had to issue new debit and credit cards to customers following the retailer’s massive breach back in 2014. Home Depot agreed to pay damages of $25 million.

“We’re pleased to have moved through this phase of resolution,” Stephen Holmes, a spokesman for Home Depot, said.

But the $25 million does not tell the whole tale. The retailer had already settled compensation paid directly to the 50 million customers affected, to the tune of $19.5 million. That is in addition to the figures reported by Forbes from court documents that total $179 million, though the final total is likely to be much higher “because of legal fees and any other undisclosed payouts,” Forbes reporter Jeff John Roberts wrote.

Breaches consistently have proportionally large price tags. Retailer Eddie Bauer is reportedly facing a lawsuit of an undisclosed amount from a credit union that had to issue new cards and credit monitoring following a breach.

Target, following its massive breach, had a years-long recovery that racked up widely varying cost estimates, some as high as $300 million, including court fees and recovery services.

But it’s not only retail giants experiencing breaches. The important point to note is that, whether or not your company can afford it, breaches cost. And the costs can seriously hurt future business.

The recently released Cisco Annual Cybersecurity Report found that businesses of all sizes experienced losses from a breach. Nearly one-third of survey respondents reported losing revenue. Of those that did lose revenue, 38 percent reported losing more than 20 percent of total revenue. That is a large blow to any business, but especially to small or medium-sized ones.

The bottom line is, breaches cost. No matter the size of the breach, it’s going to cost money to do retrospective forensics, issue new cards to customers, provide credit monitoring, and so on.

They might be common to the point where we have all become numb to the incessant headlines, but it’s a worthwhile effort to audit third-party vendors and make sure a disaster recovery and response plan is in place before the inevitable happens.


Feature image: Fabian Blank,