Logblog: The Cost of Reputation In Light of a Security Breach

« Logging Glossary: Log External Reference | Main | Anton Logging Tip of the Day #10: Email Tracking Through Logs »

The Cost of Reputation In Light of a Security Breach

What is the cost to reputation from a security breach? Well it depends . . .

Over the past few months we've talked alot about TJX and their now-infamous security breach. In fact, a few days ago, InformationWeek reported that TJX Companies, Inc. (the parent company of T.J. Maxx and Marshalls, among retailers) continues to be hit hard by their breach -- which is now being known as the largest customer data breach in history.

In fact, the company announced in its first quarterly earnings statement that it took a $12 million hit (or 3 cents per share), owing the loss to the over 45 million credit and debit card numbers that were stolen from its IT systems over an 18-month period. During their earnings call, TJX went elaborated that they incurred an after-tax charge of $12 million for technical and legal fees related to the investigation and containment of the breach. Part of the costs, too, are for measures that they are taking in reponse to the breach to improve computer security and systems. This is $12M in addition to the $5M for similar efforts that the company reported at the end of the fourth-quarter. This means only one quarter into the new fiscal year, the company has already lost $17 million.

Between the above and a pending class-action lawsuit being filed by the Massachusetts Bankers Association, it stands to reason that the price of reputation is pretty high in response to a security breach. The ROI on proactively preventing breaches is far more tolerable -- and less costly -- for most companies.

Ignoring PCI Compliance could be bad for your business, and risky to boot.

Technorati : Compliance, Log Management, PCI