Retail Giant Target was hit with a massive data breach incident during the holiday season of 2013. We posted a few articles outlining the severity of the breach and speculating on how cyber insurance may be their lifeline. Here’s a quick follow up on the claims the company has seen since the incident.
VentureBeat recently reported that Target is primed to pay “up to $1oM” to customers that had their credit card information stolen. While it’s likely a welcome relief for those customers effected by the breach, it’s far from the full story. A report released by insurance research firm Advisen shows that this payout is just the tip of the iceberg for the retail giant.
In fact, Target’s costs related to the data breach have reached $252M in total, of which $90M has been covered by cyber insurance. This is because the costs related to a data breach (and covered by cyber liability insurance) far exceed those of a settlement with effected customers. Those costs include:
- Defending various lawsuits from banks and customers alike
- Forensic / investigative costs to determine the cause of the breach
- Data and network infrastructure restoration and costs
- Compliance with breach notification laws
- Business interruption costs for downtime while fixing the POS systems
- Hiring marketing/PR firms to repair the reputational damage from such a disaster
In fact, Advisen’s research has revealed that the Target data breach was the largest data breach incident in the last 8 years. Keep in mind that the claims are still rolling in! Though the company still had to pay over $160M out of pocket, cyber insurance kicked in to cover a sizable portion of each of the above costs.
Startups facing a data breach situation will likely see their coverage limits go even farther because the claims won’t be nearly as massive as those faced by Target, Home Depot, or Anthem this past year. That’s a very good thing because while the smaller cyber attacks won’t always make the headlines, the danger to startups and small businesses is ever-growing.