Researchers Struggle to Determine True Cost of Data Breaches
Depending on the estimate, the average data breach can cost a company $7 million or $150 million. Why are data breach costs so difficult to estimate?In May, tucked away in its quarterly filing to the Securities and Exchange Commission, retail giant Target updated its running total of the cost of its 2013 holiday season breach. The damages so far: $291 million. Those losses eventually may reach $370 million, according to the company's estimates. While the retail giant may have outdone its peers with the bill for its breach, it is hardly alone. U.K. mobile service provider TalkTalk attributed more than $80 million in losses to a breach that garnered information on 157,000 customers. Following its breach in 2014, Home Depot tallied at least $161 million in costs from the loss of 40 million payment-card accounts and more than 50 million e-mail addresses, the company claimed in March. Yet, other companies have no idea how much damage their breaches have done. In February 2015, for example, hackers stole more than 80 million records from health insurer Anthem. More than a year later, the company cannot put a number to its damages.
"While a loss from these matters is reasonably possible, we cannot reasonably estimate a range of possible losses," the company stated in its latest quarterly SEC filing, listing a variety of unknowns: its ongoing investigation, the early stage at which legal proceedings progress, unknown damages and uncertainty in the number of lawsuits that will be filed.