What happens when a cyber-criminal gains access to the customer credit records that a business owner thought were secure? When it’s your business and your customers, you must do whatever it takes to make things right. Unfortunately, the consequences that merchants face if their credit card data is breached may go far beyond a loss of immediate income. Setting things right for your customers may lead to a financial setback for you and your business.
Target’s experience is an example of a worst case scenario data breach. Hackers compromised an estimated 40 million credit and debit card records. They also gained access to customer email, phone, and personal records. The breach triggered a loss of consumer loyalty and confidence that will be hard to overcome. The CBS news article, “Data-breach costs take toll on Target profit,” pinpointed some of Target’s resultant financial setbacks.
- 5.3 percent drop in sales
- Decrease in fourth quarter earnings
- A 10 percent dip in Target stock prices
- $61 million in expenses.
Cyber crime expenses
The financial impact to businesses goes beyond lost sales and stock values. Whether the cyber attack is big or small, data breach recovery expenses can effect a business’s bottom line. The $61 million that Target must spend on recovery expenses might sound unreasonably high, but a small business dealing with a breach will have comparable expenses on a smaller scale.
In the report “Data Breach Costs,” Zurich American Insurance Company reviewed the most common expenses incurred by businesses that have suffered a data breach. While some of these expenses may be covered by insurance, most will be paid by the business owner.
- Forensic examination to determine the extent of the breach
- Notification of third parties effected
- Call centers for consumers solutions, explanations, and answers
- Credit or identity monitoring and restoration for customers
- Public relations to restore good name and customer confidence
- Legal costs to defend against suits filed by customers
- Regulatory proceedings, penalties, and fines by the Federal Trade Commission and local states attorneys
- Comprehensive security program implementation as part of regulatory settlements
All businesses are vulnerable
Data breaches are more common than you might imagine. Arts and craft giant, Michael’s, admitted to experiencing a 2013 holiday season data breach that affected personal data for 2.6 million credit and debit customers. Earlier this year, department store, Neiman Marcus, confirmed a data breach due to malware in store terminals. But it’s not just the big businesses that are vulnerable to cyber attack.
Symantecs “Internet Security Threat Report 2014” explained that “Small businesses and consumers are most at risk from losing data, files or memories.” The report further revealed that 1 in 5 businesses were targeted with “spear-phishing” emails.
In an effort to educate business owners about the risks of cyber crime, the Small Business Administration has developed the online course, “Cybersecurity for Small Businesses.” SBA, Homeland Security, and other organizations also promote cyber safety during National Cyber Security Awareness Month in October.
It’s hard to catch or even keep up with cyber criminals. Even if they are caught, they may not have the resources to pay for the damage they do. As businesses are the keepers of sensitive data, it makes sense that they are the ones being held accountable for failing to keep customer records secure.
It’s difficult to avoid cyber criminals completely, so it’s up to you to implement an encrypted online transaction system that will allow you to function efficiently while keeping customer data safe.