Contact Center Solutions Featured Article

Quantifying the Unquantifiable: What Cost Comes with a Data Breach?

September 12, 2014

When it comes to data breaches, pinning down an actual dollar value can be difficult. It's not like it would be in the case of a physical breach, where actual things would be taken and the dollar value of said items can be easily compiled and reported. In some cases, a data breach results in nothing really missing; the data that was there is still there, it's just been accessed illicitly. But two separate studies have taken this topic to heart, and attempted to put a dollar value on the concept of a data breach.

One study came from the American Bankers Association (ABA), and a second similar study came from Kaspersky Lab. The two studies, surprisingly, came back with rather different figures, perhaps owing to somewhat different methodologies.

Kaspersky Lab's study started with over 3,900 different companies in the financial and other industries, and discovered a cost with an extremely broad range. Kaspersky discovered that the costs of a data breach—including things like consulting and legal fees and lost opportunity—ranged between $66,000 and $938,000 per breach.

The ABA, meanwhile, had different results based on what exactly was breached. For instance, the average loss per debit card used fraudulently was $331, while the average loss per credit card used fraudulently was up around $530. Despite this, however, debit cards were the most frequently used in terms of fraud, at nearly two to one; around eight percent of debit cards were used in fraud, while fewer than four percent of credit cards ended up likewise. But aside from the fraudulent use, there were also points of reissuing cards—around $11 per card for a small bank and $2.70 for a large one for debit cards, $12.75 and $2.99 respectively for credit cards—and even customer service calls, which run about $20 per call for all concerned.

Data breaches have a tendency to produce damage that goes beyond the immediate and the physical; certain intangible damage is done, like damage to individual careers and both corporate and individual reputations. There are issues of stockholder morale—where stockholders can get spooked and sell. And, there are customer morale issues to consider which can be difficult to put a dollar value on.

Worse is the impact of customer response. Kaspersky found that 43 percent of businesses would change banks completely after an instance of fraud, and 33 percent would move primary cash management services as well. Even if customers weren't directly impacted by a breach, 82 percent of customers said that leaving an organization that suffered a breach was a possibility on the table.

It's clear from both of these studies that there's a lot that goes into a data breach that needs to be considered. It's not just the value of the data that was taken—if it was actually taken in the first place or was just copied. It is also the value of cleaning up afterward, of protecting customers from potential shortfalls that said customers had no hand in, even shoring up security against future breaches later. The value of damaged reputations is also important, and that can be an even bigger loss than anything else.

Breaches have a greater impact beyond the dollar value, but all of the impact relates at least indirectly to the bottom line. Preventing breaches has an extremely high payoff potential, but it can be difficult—as these studies prove—to say just how high that payoff potential really is.

Where the contact center fits into all of this is in many ways right in the middle. As the frontline of transactions with opportunities for compromise, shoring up defenses in contact centers are one huge area where the cost of prevention surely out-weighs the cost of being attacked no matter whose study is the most accurate.

Edited by Peter Bernstein