May 27, 2015

Rising data breach costs show need for national merchant standards

The average costs for businesses related to data breaches are going up, another sign of the need for Congress to adopt NAFCU-supported national data security standards for merchants and retailers.

According to the "Cost of Data Breach Study: Global Analysis," released Wednesday by the Ponemon Institute, the average consolidated total cost of a data breach is $3.8 million, up 23 percent since 2013. The study, sponsored by IBM, covers 350 companies spanning 11 countries.

The groups cite three major reasons why the costs keep climbing.

"First, cyber attacks are increasing both in frequency and the cost it requires to resolve these security incidents," Larry Ponemon, chairman and founder of Ponemon Institute, said. "Second, the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost. Third, more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management."

NAFCU has been the leader in urging Congress to adopt data security standards for merchants and retailers to improve consumer-data protection and reduce the costs for credit unions of dealing with merchant breaches.

A $19 million settlement proposed by Target Corporation and MasterCard over Target's massive 2013 breach fell through last week because not enough institutions opted into it.

"NAFCU will continue to press for national data security standards for merchants that are similar to those required of credit unions and other financial institutions under the Gramm-Leach-Bliley Act, including full accountability for merchants when breaches occur on their end," said Brad Thaler, NAFCU's vice president of legislative affairs.