A lack of appropriate security controls in critical business processes increases data breach risk and can result in severe losses. According to a survey by the Ponemon Institute [1], a data breach costs companies an average of $220 per compromised, lost or stolen record. At Pricchaa, we analyze data breach impact through the lens of the following framework:
TalkTalk Telecom Group plc provides television, telecommunications, Internet access, and mobile network services to businesses and consumers in the United Kingdom. In October 2015 [2], TalkTalk experienced a data breach incident that exposed the personal information of 156,959 of its customers, including their names, addresses, dates of birth, phone numbers and email addresses. In some cases, hackers were also able to gain access to customers' bank account information.
Financial Loss: In May 2016, TalkTalk revealed that the company incurred £42 million in costs related to investigating the incident and fixing the security issues [3,4].
Customer Loss: TalkTalk reported losing 101,000 customers because of this incident [3]. Customer lifecycle value analysis suggests that the company lost between £100-120 million in yearly revenue. This does not even include the opportunity cost of the tarnished brand image (i.e., potential customers who would not consider TalkTalk as an option). A survey by Aletse [5] indicates that over 90% of American consumers are unsettled by data breach incidents and a large number of them would not consider doing business with a company impacted by a data breach.
Shareholder Impact: Immediately after the announcement of the data breach incident, TalkTalk's share price dropped by 18% and has not fully recovered to date. While a number of factors affect the stock price and shareholder value, we estimate that shareholders lost between £250-400 million because of this incident.
Compliance Issue: The UK Information Commissioner's Office fined TalkTalk £400,000 for its failure to implement basic security measures. Regulatory agencies are increasingly taking a tougher stance on companies that do not take appropriate measures to prevent data breach incidents. In a separate incident, the New York Attorney General fined Trump Hotel Collection $50,000 for its poor handling of a data breach incident [6].
Adding up all these costs, TalkTalk lost between £300-500 million because of a single data breach incident involving 157,000 customers. With the accelerating adoption of big data, increasing reliance on automated systems for critical business decisions, and an expanding number of privacy-related regulations, detecting and protecting sensitive information is no longer an option but an imperative.
[1] 2016 Cost of Data Breach Study: The United States, Ponemon Institute LLC, June 2016, https://www.ponemon.org/