Thursday, August 16, 2007
How Much Does a Mega-Breach Cost?
According to this article from Computerworld TJX has announced that the costs of a massive 45 million+ record data breach could reach over $150,000,000. While certainly a significant amount of money (I know my net worth doesn't even approach $150,000,000) the figure given by TJX is actually significantly less than I would have expected. When taking into account the magnitude of the breach, the per record cost given by TJX is only about $3.30. That's orders of magnitude lower than the $182/record average cost given by the Ponemon institute described in this article. While it's possible that larger breaches have lower cost/record numbers (something like buying in bulk), my guess is that $150,000,000 is something of a lowball estimate. However, even at $3.30/record, a breach like the one which hit TJX isn't cheap, and even the $150,000,000 figure is likely to spur some long overdue emphasis on information security.