A security breach can cost a company anywhere from $90 to $305 per lost record, according to Forrester Research.
Forrester based its numbers on a survey of 28 companies that had a data breach. The Register reported the results on Thursday but expressed some skepticism. "Senior analyst Khalid Kark describes its figures from costs as an "educated estimate". He admitted the auditing costs associated with security breaches is an inexact science," John Leyden wrote.
Itis ceretainly true that security analysts have an axe to grind, and wouldnit mind if the estimates were a little on the high side. For example, Forrester estimated that the US$1.35B costs associated with TJX loss of 30M (expired) credit cards would be "a realistic minimum estimate" over several years.
But TJX didnit agree. "TJX said it had spent just $5M up to the end of January on costs such as technical and legal fees and customer communications related to the breach. Tellingly investors havenit marked down its share price significantly in the expectation of major losses down the road," reported Mr. Leyden.
No matter who really has the best estimate, itis certain that when a company has customer data stolen, itis going to cost dearly.