Abstract
Recent years have seen increases in the number of data breaches. This chapter attempts to quantify the impacts of data breaches in terms of the monetary costs incurred by providers and consumers. This is important because data breaches are a major factor when allocating funds for security controls. Case studies involving the Equifax incident in 2017 and the Target incident in 2013 are employed to demonstrate that the cost impacts of data breaches are significant for providers as well as consumers. The cost components in the overall cost function for providers and consumers are presented. Guided by open-source data, the cost components in the provider portion of the cost function are expressed as best-fit functions of time since the data breach. An important point in the cost quantification is that equal weights are assigned to the costs incurred by the provider and the consumers.
Chapter PDF
Similar content being viewed by others
References
A. Acquisti, A. Friedman and R. Telang, Is there a cost to privacy breaches? An event study, Proceedings of the Twenty-Seventh International Conference on Information Systems, article no. 94, 2006.
Agence France-Presse, Massive data breach has cost Equifax nearly \$90 million, November 11, 2017.
Consumer Reports, Don’t get taken guarding your ID. Do-it-yourself safeguards are just as effective as paid services, September 8, 2014.
Federal Trade Commission, The Equifax Data Breach, Washington, DC (www.ftc.gov/equifax-data-breach), 2018.
D. Goguen, How, and How Much, Do Lawyers Charge? Lawyers.com (www.lawyers.com/legal-info/research/how-and-how-much-do-lawyers-charge.html), 2019.
K. Grant, Identity theft isn’t just an adult problem. Kids are victims, too, CNBC, April 24, 2018.
S. Gressin, The Equifax Data Breach: What to Do, Federal Trade Commission, Washington, DC (www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do), September 8, 2017.
M. Heller, Equifax hack could cost well over \$600M, CFO Magazine, March 5, 2018.
IBM Security and Ponemon Institute, 2018 Cost of a Data Breach Study: Global Overview, Cambridge, Massachusetts and North Traverse City, Michigan (www.ibm.com/security/data-breach), 2018.
Javelin, Identity fraud hits all time high with 16.7 million U.S. victims in 2017, according to new Javelin Strategy and Research study, Press Release, San Francisco, California (www.javelinstrategy.com/press-release/identity-fraud-hits-all-time-high-167-million-us-victims-2017-according-new-javelin), February 6, 2018.
B. Krebs, Who’s selling credit cards from Target? Krebs on Security (www.krebsonsecurity.com/2013/12/whos-selling-credit-cards-from-target), December 24, 2013.
K. Lobosco, Congress just made credit freezes free, CNN, May 22, 2018.
J. Luszcz, Apache Struts 2: How technical and development gaps caused the Equifax Breach, Network Security, vol. 2018(1), pp. 5–8, 2018.
V. Lynch, Cost of 2013 Target data breach nears \$300 million, Hashed Out (www.thesslstore.com/blog/2013-target-data-breach-settled), May 26, 2017.
Marketwatch, Target’s profits down \$440M after data breach, New York Post, February 26, 2014.
K. McCoy, Equifax data breach: What’s changed since last year’s huge hack of personal information? USA Today, September 7, 2018.
J. McCrank and J. Finkle, Equifax breach could be most costly in corporate history, Reuters, March 2, 2018.
PYMNTS, Equifax breach to cost total of \$439M (www.pymnts.com/news/security-and-risk/2018/equifax-cost-275m), March 5, 2018.
V. Reklaitis, Equifax’s stock has fallen 31% since breach disclosure, erasing \$5 billion in market cap, MarketWatch, September 14, 2017.
J. Roman, Target breach costs: \$162 million. Response expenses continue to grow following 2013 incident, BankInfoSecurity (www.bankinfosecurity.com/target-breach-costs-162-million-a-7951), February 25 2015.
S. Romanosky, Examining the costs and causes of cyber incidents, Journal of Cybersecurity, vol. 2(2), pp. 121–135, 2016.
X. Shu, K. Tian, A. Ciambrone and D. Yao, Breaking the Target: An Analysis of the Target Data Breach and Lessons Learned, (arXiv:1701.04940) , 2017.
Titanadmin, The cost of the Equifax data breach? \$242 million and rising, SpamTitan, Tampa, Florida (www.spamtitan.com/blog/cost-of-the-equifax-data-breach-242-million-rising), April 27, 2018.
F. Williams, How credit freezes work and what they cost, CreditCards.com, Austin, Texas (www.creditcards.com/credit-card-news/credit-report-freeze-1282.php), September 13, 2017.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 IFIP International Federation for Information Processing
About this paper
Cite this paper
Dongre, S., Mishra, S., Romanowski, C., Buddhadev, M. (2019). Quantifying the Costs of Data Breaches. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XIII. ICCIP 2019. IFIP Advances in Information and Communication Technology, vol 570. Springer, Cham. https://doi.org/10.1007/978-3-030-34647-8_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-34647-8_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34646-1
Online ISBN: 978-3-030-34647-8
eBook Packages: Computer ScienceComputer Science (R0)
