The total fee for the data breach that Epsilon will face could reach as high as $4 billion, depending on what becomes of the data that was stolen, according to cyber-risk advisory firm. It’s a massive event that indicates the overlooked risk of cloud-based computing system.
According to a report by CyberFactors, the sum includes cost to Epsilon, its customers and the individuals whose email addresses were stolen. It is estimated that the number of affected emails in the Epsilon breach is at $60 million.
Costs to Epsilon’s include notification of their customers about the theft, settlements to those customers, legal defense, compliance adjustments and loss of business, the report says. While Epsilon costs will include all those factors including forensic investigation, regulatory investigations and fines, which could eventually run as high as $3 billion to $4 billion.
These figures will be reached given hackers and phishers will use the compromised e-mail addresses to gain access to sites that contain consumers’ personal information.
The Epsilon breach may have affected 75 companies or 3% of Epsilon’s customers, and could eventually cost these companies as much as $412 million, for a total event cost of $637 million.
According to Regina Clark, Research and Analytics Director of CyberFactors, “The economics of business risk for cloud providers and their customers can no longer be ignored.” She added, “With the cost of technology failures rising at an accelerated rate, the Epsilon event suggests a much more profound financial risk environment is now upon us. Cloud companies would be wise to think more like banks, insurance companies and hedge funds, and not just aggregators of the world’s precious data and technology dependencies.”
CyberFactors says it is more likely that Epsilon will lose some current customers and potential future customers who are scared by news of the breach.
More results of the breach are:
- 51% of the costs related to the Epsilon data breach will occur in year one, 42% in year two, and 7% in year three and thereafter
- Loss of revenue related could range from $6.1 million if just 1% of customers left, to $30.7 million if there were 5% churn
- Since 2005, data events have cost individual affected companies from $5.5 million to $12.8 million, depending on the industry and assuming no liability claims, according to research by CyberFactors