Did you ever think that the potential cost of a security breach is overstated by those who want to sell you security software or services? Well, no matter how you add it up, the potential cost to Target during the holiday shopping season is going to be huge. Depending on the analyst and the assumptions they’ve used, it could be anywhere from $.5 to $1 Billion.
And these are estimates of only the money that Target will have pay banks for reissuing credit cards (between $5 and $10 for each reissued card), credit monitoring services, and fraudulent purchases! Banks are going to look to Target to pay at least some of those costs. It also doesn’t include lost business, loss of reputation, and goodwill!
Tom Webb, who reports on retailers for the St. Paul Pioneer Press, adds it up this way. Fraud is being found on approximately 10% to 15% of the stolen credit cards. An analyst for Jeffries Group (a Wall Street investment bank) to whom Webb talked, Daniel Binder estimates that between 4.8 to 7.2 million cards could ultimately be used fraudulently. Based on an assumption of an average of $300 in fraud losses per card, this would be a total of $1.4 to $2.2 billion in fraudulent losses.
Banks that issue the cards are ultimately responsible for the fraud, but the banking industry will demand that Target cover some of the losses. Binder estimates that Target will pay somewhere between 30% and 50% of the loss. This means it could cost Target somewhere between $1.4 and and $1.1 billion.
And dozens of lawsuits have already been filed against Target. These include smaller banks that want a higher recovery rate from Target. Many of the suits are seeking class-action status.
Binder has also lowered his earnings projections for Target and thinks that the breach will force Target to change some of it’s strategic plans including repurchasing $4 billion of it’s stock. On January 30 of this year, Target stock was trading at a 20-month low.
Anyway you look at it, this is a major hit to Target. They are big enough that they can weather the monetary hit. The bigger question, perhaps, is whether they can regain the trust and goodwill of their shoppers. This would be a much more adverse long-term blow if customer loyalty fails to bounce back and or fails to do so quickly.
Now most companies out there are not the size of Target. The order of magnitude might be hard to fathom. But think of the hit to smaller companies. Two orders of magnitude smaller would be $10 million. How would that impact a $100 or $50 million a year company? And again, we are only speaking of direct financial cost, not the potential blow to the business in terms of lost sales and customer trust.
So, it turns out that information security — or lack thereof — can have a significant effect on a company’s bottom line. Maybe more business’ will start to focus a little more on security as a result of this high-profile breach. I hope so. I fear not.
A huge portion of the cost of this breach is borne by Target. I hope it is a wakeup call for all retailers taking el
electronic debit, credit, heck payment. It is time for a security standard that
a retailer can be measured to show their security risk. A customer.making
any electronic payment could see the retailer security level before they
ever scan a card.