The Cost of a Retail Breach Is More Than Monetary
There’s no doubt that data breaches can have a huge financial impact on retailers. For example, Target has reported that it incurred breach-related expenses of $4 million in the fourth quarter of 2014 and full-year net expense of $145 million, which reflects $191 million of gross expense partially offset by the recognition of a $46 million insurance receivable.
But security incidents such as hacker attacks can also cost merchandisers in the loss or damage of customer trust. This erosion of brand trust and damage to reputation can in turn lead to decreased revenue until a retailer regains consumers’ trust.
The average cost of a data breach has reached record levels, according to research firm Ponemon Institute's, “2015 Global Cost of Data Breach Study: Global Analysis.”
The study of 350 companies in 11 countries, sponsored by IBM, shows that the average consolidated total cost of a data breach is $3.8 million, representing a 23% increase since 2013. The report also found that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased 6% from a consolidated average of $145 to $154.
Retailers have seen their average cost per stolen record rise dramatically, from $105 last year to $165 in this year's study.
3 causes of increasing costs
Based on the research, Ponemon identified three major reasons why the cost keeps going up: cyberattacks are increasing both in frequency and the cost it requires to resolve the security incidents; the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost; and more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management.
Costs associated with lost business are steadily increasing, the report notes. This includes abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished good will. The average cost associated with lost business has increased from $1.23 million in 2013 to $1.57 million in 2015.
Lost business from breaches
As research firm Forrester notes in its report, “Understand The Business Impact And Cost Of A Breach,” released in January 2015, “After a breach, there will be many costs associated with winning back customers and rebuilding customer loyalty, all of which can vary widely depending on your business and industry.
“Typically, banks and hospitals are affected the least here, since consumers are averse to the hassle of changing from one bank or hospital to another,” the Forrester report says. “Retailers, restaurants and hotels may see greater fluctuations as consumers can more easily take their business elsewhere. B2B companies can face brand costs in the form of delayed contract agreements and lost business as well. Most organizations have a good idea of how much it costs, on average, to acquire a new customer as well as average spending per customer, and can thus extrapolate the total recovery costs and lost revenue.”
Decreasing the damages
Retailers that have been affected by a security incident can take action to reduce the loss of customer trust and brand reputation.
For one thing, they need to keep customers and the general public informed about any breaches and what they are doing to address the situation and minimize the impact on consumers.
Research services firm Qualtrics surveyed more than 500 American consumers earlier this year. It found 84% of those surveyed said the best way a company can regain their trust after a breach is to notify them right away and provide a high level of contact. In addition, 92% of the survey respondents think a company should be required to report a data breach to their entire customer base, regardless of breach size.
Restoring customer confidence
Another requirement is to minimize the damage. How quickly and effectively a retailer responds to the initial attack can make a huge difference in terms of the long-term damage. If customers see that a company is making every effort to keep data loss to a minimum, that could help restore trust in the long run.
Facing security flaws
After the damage from an attack has been controlled, retailers must take the necessary steps to prevent such breaches from happening again. While no organization can guarantee that it won’t suffer a hacker attack or other security incident, companies can address the specific weaknesses and other shortcomings that led to the initial data breach in the first place.
Some customers might always be a bit cautious when doing business with a retailer that has been hit with a breach, especially if they have had their own data exposed. But with proactive, effective responses to security incidents, retailers can go a long way toward keeping the trust of their customers.
Gain a greater understanding of emerging security solutions and how they can help you be prepared with effective responses to security incidents. Get in touch with Insight at 1.800.INSIGHT if you’re looking for a single-source partner. We operate with proven strategies and access to leading software providers, so you'll reap the rewards of a lean, scalable and cost-efficient process. We're not just experts in the security and software you need to create a modern retail experience — we're also experts in hardware, implementation, integration and management.