While it is still early, it appears Home Depot’s data breach has already cost the company an estimated $60 million. Home Depot’s damages, which include costs for credit monitoring for its customers, call center staffing, legal services as well as costs to replace credit/debit cards, will undoubtedly increase as the extent of the breach is better understood.
Based on recent trends, Home Depot should not be surprised by the cost of this data breach. In May of 2014, IBM and the Poneman Institute issued a report where they found the average cost for a single stolen record containing private information increased from $188 in 2013 to $201 in 2014. These costs are the same regardless of whether the company is Home Depot or a small neighborhood hardware store.
However, there is a bright spot seen in the report. While completely preventing a data breach may be difficult, the report indicated its participants could reduce the costs of a data breach by investing in techniques to “mitigate the risk and consequences of a data breach.”
The report did not include the amount of damages that can be reduced by cyber liability insurance policies after a breach. However, last week, the Insurance Journal reported Home Depot believed its insurers would pay $27 million of the $60 million in damages incurred to date. Consequently, while it is becoming more difficult to prevent a data breach, risk managers are finding insurance coverage provides another tool to mitigate damages after the breach.