Posted on May 28, 2015

CISOs: Pay Attention to the Cost of Lost Customers

If you haven't downloaded the latest Ponemon Institute report on the cost of data breaches, well, you might want it... Is that a yawn? A groan from data theft marketing fatigue and breach boredom? We get it.

Talking about the financial impact of data breaches isn't nearly as cool as dissecting hacks (ahem, Adult Friend Finder and mSpy) and monitoring the seedy hacker underground, but it couldn't be more relevant to the needs of your organization (we do both here).

Here's one morsel in the 30-page report that should help your reporting at the next board meeting: lost business cost. It is now up to $1.57 million per breach. Ponemon writes in the report (on page 17):

As can be seen, lost business has potentially the most severe financial consequences and has steadily increased over the past three years. This cost component includes the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill.

Data breaches have frankly become too easy, too quick, and lucrative enough for criminal communities to exploit them repeatedly. It's easy to latch on to the big numbers of these reports, because they are growing and big numbers attract headlines. The lost business cost, however, is certainly one CISOs can use to show impact that will resonate across internal business departments and executive boards. Use it in communications and reports to show trend lines, and to have categories that you can measure against.

Ponemon tracks lost business cost over three years and weighs it against other key cost trends such as detection and escalation ($.99M), notification ($.17M), and ex-post response ($1.07M). All but notification are on the rise, but lost business cost had the largest increase in amount of these four areas.

Three Feet High and Rising

Have data breach costs gone up? Yup. The average total cost of a data breach is now up to $3.79 million. Between 2013 and 2015 (in fiscal years), that number expanded by 23%, according to the report, which surveyed 350 companies.

Chief information security officers (CISOs) who now have an active role in reporting to executive boards routinely struggle to translate security metrics into business metrics that map to corporate strategy and goals, say the co-founders of SecurityScorecard.

They would know. As two former heads of security at the Gilt Groupe, they understand the importance of identifying KPIs that work for security and for the business.

It is not easy to do.
