[Editor’s note: Today’s post comes to us courtesy of Beth Kotz, Credit.com contributing author. Being hit by a cyberattack brings serious financial and reputational repercussions, which makes working to prevent and prepare for the various possibilities an important part of any crisis management plan.]
The True Cost of a Credit Card Breach Disaster
In late 2013, big-box retailer Target suffered a data breach that ultimately led to nearly $300 million in incurred expenses. The following year, The Home Depot incurred more than $260 million in expenses following another breach. These figures serve as striking illustrations of the exceptionally high cost that often comes with breaches in data security, but don’t be fooled: even small and mid-sized businesses are vulnerable. Customer data – including names, social security numbers, medical records, credit and debit card information and more – is highly prized by hackers, and they have a number of means at their disposal to uncover it.
While huge companies may not bat an eye at the cost of these breaches, the damage to a smaller firm’s reputation and finances can be irreparable – so preventing one is of paramount importance for any business that handles customer financial data.
To get a better understanding of why this is such an essential issue, let’s dig deeper into the true costs of credit card and other data breaches – and how you can better guard your business against them.
The most obvious impact associated with a data breach is the cost of setting the matter right, otherwise known as remediation. Studies have found that, on average, it takes about 46 days to resolve a cyber-attack – at a cost of more than $21,000 per day. That adds up to nearly a million dollars, and it still is no guarantee that all vulnerabilities will have been detected and fixed. Legal fees from class action lawsuits and other legal actions add up quickly as well, in addition to an assortment of fines from payment processors, regulatory agencies and other institutions. Loss or disruption of business often leads to even greater losses, so it’s no surprise that the average cost of a data breach has soared to $221 per record and over $7 million in total.
Financial losses can be quantified relatively easily, but some damages are less immediately apparent. In particular, a credit card breach may lead to a significant hit to your business’ reputation. In addition to the general public relations nightmare a cyber-attack can stir up, customers and clients often lose trust and confidence in companies whose data comes under attack. These effects may linger for years after the breach. While large and well-established companies may be able to weather the storm, such a blow can prove devastating – in some cases, even fatal – to smaller businesses.
Costs to Customers
While your business may take the brunt of any data breach, your customers are unlikely to come away unscathed. Customers whose data has been stolen face the very real risk of identity theft, which can be extremely disruptive and financially devastating. Bank accounts may be tied up, loans may be slowed or denied and credit scores can be ruined in a matter of minutes. For customers, rebuilding their credit scores, replacing stolen cards and addressing compromised accounts often takes a great deal of time, effort and money.
Protecting Customer Data
The best way to limit the damaging fallout from a data breach, of course, is to prevent it from occurring in the first place. Fortunately, there are a number of active measures you can take to protect the sensitive data of your business and its customers. First and foremost, thoroughly research any financial institutions you’re considering doing business with, from banks to payment processors and anything in between. If they’ve had any history of data breaches, or if their data security measures are lacking, consider taking your business elsewhere.
Don’t neglect your own security, either. Every business should have clear and comprehensive data security protocols in place, any financial transactions should be PCI compliant, and all employees should be trained and equipped to respond appropriately to potential issues and suspicious activity. It’s also important to place tight controls on who can access data and devices, as unintentional data breaches represent a threat every bit as serious as malicious hacking activity.
In many respects, a business is only as good as its reputation. There’s perhaps no quicker way to ruin that reputation than to allow your customers’ sensitive data to become compromised, which is why a data breach is devastating to a small business. Much is riding on your ability to protect the data that you collect from your customers, but with sustained vigilance and a proper data security plan in place, you can go a long way toward keeping your data safe and secure.
Beth Kotz is a contributing writer to Credit.com. She specializes in covering financial advice for female entrepreneurs, college students and recent graduates. She earned a BA in Communications and Media from DePaul University in Chicago, Illinois, where she continues to live and work.