Have you ever wondered what the actual cost of security breaches are?
Target, due to its mid-December, 2013, breach can certainly be a case study. As of now, Target's profits are down 46% and down by 5.3% in revenue. Their stock is still down by 5% as well.
While this tells me it's an excellent time to shop at Target, why aren't more people shopping there? And why did Target take such a hit in profits?
Part of this no doubt involves the timing of the breach. Rumors started to filter out in the middle of the holiday shopping season followed by the announcement.
Another part may be related to a loss of trust. Since rumors leaked out before Target made an official announcement, consumers may not consider Target to be as trustworthy a source anymore. Granted they may have wanted to wait until after the holiday shopping season was over, but the leak made that impossible. Since the rumors started before Target made the announcement, it looked like the company was trying to hide the damage instead.
Of course, after they announced the breach, they later had to amended the magnitude of the breach. Not only were credit card numbers stolen, but personal information was also stolen. Since privacy is a hot topic, people may continue to be wary about shopping at Target until some more time has passed.
Here are some potential take-aways from the Target breach:
- Hackers seem to like to try for a mid-December attack. The massive 2006 attack also happened in mid-December.
- If someone leaks that you've been hacked, disclose immediately and with as much detail as feasible.
- When you finally tell the public about a breach, also include what you're doing to circumvent future attacks.
- It's probably a good idea to educate the public about what the breach means for them and their continued use of your product.