When considering how much to invest in cybersecurity defenses, be sure to bear in mind the potential cost of a retail data breach. Poor security practices and a lack of appropriate cybersecurity defenses can cost a company dearly.
According to the 2018 Cost of a Data Breach Study by the Ponemon Institute/IBM Security, the average cost of a data breach is now $3.86 million. The cost of mitigating data breaches has risen year-over-year by 6.4% with a per capita rise in breach costs of 4.8% per compromised record. Data breaches are also increasing in size. Compared to last year, the average size of a data breach has increased by 2.2%.
The average cost per compromised record was $148 overall, with a retail data breach cost per record of $116. In addition to that breach cost, breached companies in the retail sector see a 2.1% increase in customer churn rate, according to the Ponemon/IBM study.
However, a study conducted by KPMG indicates the loss of customers can be far higher in retail. Its survey revealed 33% of customers would take a break from a retailer following a data breach that exposed their personal information and 19% of respondents would leave the retailer and never return. A HyTrust study suggests businesses may lose 51% of customers following a breach of sensitive data.
While large retailers could perhaps weather the storm, the loss of half of a company’s customers would prove catastrophic for many smaller retailers, many of whom would struggle with a loss of a fifth of their customers.
The bad news for retailers is hackers are targeting the industry to gain access to POS systems and the credit and debit card numbers of customers. Those attacks are also increasing.
The High Cost of a Retail Data Breach
A retail data breach of the scale of the one suffered by Home Depot in 2014 can cost hundreds of millions of dollars to resolve. The Home Depot data breach was massive. It is the largest retail data breach involving a point of sale system that has been reported to date.
The attack was made possible due to the use of credentials that had been stolen from one of the retailer’s vendors. Those credentials were used to gain a foothold in the network, privileges were subsequently elevated, and the Home Depot network was explored. The hackers managed to infiltrate Home Depot’s POS system and captured customers’ credit card details. The malware infection went undetected for five months between April and September 2014. During that time, the malware installed by the hackers allowed them to steal more than 50 million credit card numbers from Home Depot customers, along with 53 million email addresses.
In 2016, Home Depot agreed to pay $19.5 million to customers that had been affected by the breach, which included the cost of credit monitoring services to breach victims.
Home Depot has also paid out at least $134.5 million to credit card companies and banks, and this week, a further $25 million settlement has been agreed to cover damages suffered by the banks as a result of the breach.
The latest settlement amount will allow banks and credit card companies to file claims for $2 per compromised credit card number without having to show evidence of losses suffered. If banks can show losses, they will receive up to 60% of uncompensated losses.
The total cost of the retail data breach stands at around $179 million, although that figure does not include all legal fees that Home Depot will be forced to pay, and neither does it include undisclosed settlements. The final cost of the retail data breach will be considerably higher. It is already creeping close to the $200 million mark.
On top of that, many customers took their business elsewhere after the breach. There is, after all, not just the one DIY retailer in the United States.
For Home Depot, the cost of a retail data breach was clearly much higher than the cost of implementing technologies to monitor its vendors’ cybersecurity practices and scan for malware, and of adopting security best practices.
Other retailers should take note that while investment in cybersecurity comes at a cost, that cost will likely be just a fraction of the cost of mitigating a data breach.
How TitanHQ Can Help
For more than two decades, TitanHQ has been developing cost-effective cybersecurity solutions to protect businesses from malware attacks and data breaches. TitanHQ offers two powerful solutions that protect against attacks via email and the Internet, the main ways that access to retailers’ systems is gained and malware is installed.
SpamTitan is a powerful anti-spam and anti-phishing solution that protects the email channel and blocks phishing attacks, malware, botnets, viruses, and ransomware. The solution includes DMARC authentication, dual anti-virus engines, and sandboxing to allow email attachments to be analyzed for malicious actions in a safe and secure, contained environment.
The solution scans all incoming messages, has a catch rate in excess of 99.9%, and works seamlessly with Office 365 to improve protection against phishing and other malicious messages. SpamTitan also scans outgoing messages to alert businesses to a potential account compromise.
WebTitan is a DNS filtering solution that allows retailers to carefully control the types of websites their employees can access. By exercising control over personal internet use, retailers can see improvements in productivity as well as increase security. Employees will be prevented from visiting malicious websites and retailers can block downloads of risky file types.
When the two solutions are used together, retailers can greatly improve their security posture. Further, TitanHQ operates a highly competitive pricing policy. Improving your security posture is likely to be much cheaper than you think.
For further information on both of these solutions, to schedule a product demonstration, or register for a free trial, contact TitanHQ today.