The Price Tag for a Digital Commerce Data Breach is Larger Than You May Think
Mark Stibbe
In 2014, the words “data breach” held a very heavy weight. Often referred to as the year of the Mega Breaches, 2014 saw a staggering 1 billion records compromised by cyberattacks across a myriad of industries.
  • JPMorgan Chase unintentionally exposed the names, addresses, social security numbers and other personal data from 83 million account holders – and that from a company that spends over $250 million annually on cybersecurity;
  • Sony Pictures saw attackers destroy data and leak information regarding employee payroll, severance package figures, performance reviews, executive salaries and even email exchanges regarding some of Hollywood’s elite; and
  • Community Health Systems had private patient information of more than 4.5 million records stolen and leaked in an attack that spread across 28 US states and caused a surge in additional healthcare systems to be targeted.
And retail surely was not immune. Home Depot unwittingly saw a total of 56 million credit and debit card records stolen and personal information on an additional 53 million people exposed in a firewall intrusion that lasted an entire week. Target and eBay also had similar attacks and all incidents were traced back to a third-party vendor.
What’s perhaps most startling about these cases is the amount of time, money and process that each of these retail giants had put into place to guard themselves against such a threat. These are not victims of a faulty server in a back room of a convenience store. These are major industry players, which in turn makes them the most enviable targets to penetrate for an increasingly skilled underworld of cyber hackers.
So here we are. 3 years later. Surely as an industry we have become more resilient to attacks like this. But alas, 2017 has already seen breaches at IHG, VeriFone, Saks Fifth Avenue, Chipotle, the world’s largest airline reservation system (Sabre), Brooks Brothers, Kmart, even Arby’s. If consumers have to be wary when sinking their teeth into a delicious roast beef sandwich, something needs to change.
When you look at the costs of a data breach, the financials are easy to define. An average of $170 per record or $4.77 million per incident. Painful. But consumer loyalty may be the biggest pain of all. According to a Global Customer Sentiment Survey by SafeNet Inc., 80% of respondents would be unlikely to do business with a company that has suffered a breach that included financial information. It’s not a whole lot better if you remove the financial information, with 57% saying they would take their business elsewhere. And those stats don’t even include those who were left on the fence – which would add an additional 14% and 30% respectively.
So there lies the fear. Sitting atop the table. But what can you do to best safeguard yourself against an incident occurring within your organization?
Truth is, there is a higher likelihood that there is nothing you can do within your own internal systems. Research shows that as many as 63% of all data breaches are actually caused by security vulnerabilities introduced by third-party vendors. And the same research shows that 58% of organizations have no confidence that their third-party vendors are securing and monitoring privileged access to their networks.
The good news? It’s fixable. As an industry we can change that together. Download GroupBy’s The SOC II Mandate white paper to learn more, or send us a note at team@groupbyinc.com.