Please Steal My Data

by Robert Driscoll on July 23, 2009

“Please Steal My Data” That’s in essence what you are telling hackers without the proper security technologies in place in your business. In today’s marketplace, many companies are dealing with shrinking budgets and trying to cost-justify investments in security appliances.
Every company wrestles with what the financial return on investment (ROI) is for purchasing security technology to protect their critical data. With the rise in malicious code threats growing over 160% from 2007 to 2008 alone (over 1.6 million), this is not an area that should be overlooked. While each company’s network is unique along with their security requirements, they can still learn from other companies mistakes in not only securing their data and networks, but also in understanding what the financial impacts could be if you neglect this area.

Take for example when TJX (owner of TJ Maxx, Marshalls, HomeGoods and other retail chains), who has over 2,000 retail stores in the US and Canada, had their payment systems hacked from May 2005 to December 2006 (or longer). During this period, over 94 million of their customers’ credit card information was obtained. (Letter from the CEO)

Even though TJX was certified as being PCI (payment card industry) compliant, the hackers still managed to find a flaw in their network, in this case, by intercepting unencrypted data that was transmitted wirelessly between handheld payment scanners. Once they had access to the payment scanners, they were then able to gain access to TJX’s database which eventually led them to their 94 million customers. When this security breach became public, TJX was hit with several lawsuits from their pension fund holders, banks, Visa and MasterCard. In the end, this “incident” cost TJX over $57 million, $40 million of it from Visa alone to help them with the cost of re-issuing all the cards. Several analysts, including Forrester Research, “have estimated TJX’s costs could run as high as $1 billion, including legal settlements and lost sales.”

While it might be hard to compare your business to a $15 billion company like TJX in trying to determine your security risk and the costs associated with a breach, a study from the Ponemon Institute can help shed some light on what the possible cost is. Their study, released in February 2009, showed that, “data breach incidents cost U.S. companies $202 per compromised customer record in 2008. Within that number, the largest cost increase in 2008 concerns lost business created by abnormal churn, meaning turnover of customers.”

To every company, the value of their brand, in financial terms, is invaluable, but a data breach could cost millions of dollars or could completely put the company out of business. What will your company be worth then?

Related Articles

Previous post:

Next post: