The last 12 months has seen a huge surge in the amount of data breach news, much of which has impacted the retail sector and credit card users. Target, Home Depot and Staples have hit the headlines for all the wrong reasons and TripAdvisor also joined the breach party when it admitted that 1.4 million customers using its Viator booking site could have had their credit card details exposed. Although these breaches only amount to payment card breaches, the cost they have generated is huge. That cost is likely to continue to rise as class action suits are filed and the reputational harm, which cannot be predicted or measured, starts to bite.

Global estimates of the cost of cyber crime, be it cyber dependent or cyber enabled, vary, and the cost of credit card breaches will feature heavily in this statistic. While the estimates may vary, they all agree that the cost is in the high billions of dollars and rising. The UK Home Office cyber crime report, ‘A Review of the Evidence’, suggested that only around 2 percent of cyber crime is actually reported. While we can only assume that this is a strong estimate, given the level of cost associated with this single digit level, any growth could be commercially disastrous. It will always be difficult to obtain the actual cost figures since many businesses, understandably, are reticent to talk about data breach. The reputational harm caused by a breach goes way beyond what a cyber insurance policy can cover – but are organisations effectively assessing the risk from reputational damage? And if they are, are these risks recognised and owned at C-suite level or are they buried in an IT department? ‘The Exposing Cyber Security Cracks 2014’ Ponemon Institute report stated that 80 percent of business leaders did not equate a data breach with a potential loss of revenue. This claim calls into question the loss of revenue Target, Home Depot, Staples and TripAdvisor must have experienced, above and beyond the reputational damage.

Jan-Mar 2015 Issue

Advent IM Ltd