On a consumer level, the breach that Target suffered in the autumn of 2013 may feel like a distant memory due to the number of cyber security incidents that have proliferated since then. However, within the cyber security community, this story is as fresh as ever with new details regarding the outcomes still emerging regularly.
What’s New?
Earlier this year Target agreed to pay out the sum of $10 million to consumers involved in a class-action lawsuit against the retailer [1]. A small sum when divided between the tens of millions of customers that were compromised…and their attorneys. Though a target representative has said the company has seen “very low levels of fraud”. What is low when millions are involved – could your company survive a financial hit like this?
The total costs of the breach publicized by Target approximately sum in the neighborhood of $150 million [2]. Pretty hefty but considerably lower than earlier estimates, some of which were reaching the 10-figure range. Would a larger cost have led to a more elevated discussion on cyber security issues at-large instead of focusing on merely the consumer protection aspects?
Though Target is not breaking out the specific details regarding how they reached the total, one fact is clear: a portion of the hit is covered by the cyber insurance policy the company had in place.
The lesson here is that all these costs could have been lower or never incurred if the IT security professionals responsible for a company’s IT infrastructure put in place better precautionary measures to secure their technology and data. Is your enterprise properly secured?
Is your company’s leadership hearing the message yet? How many warning bell incidents at other companies must occur before one catches their attention? When does it hit your company?
References
[1] http://www.marketwatch.com/story/targets-10-million-payout-to-consumers-...
[2] http://www.marketwatch.com/story/targets-10-million-payout-to-consumers-...
