Everyone Pays for Data Breaches

In 2016, a Ponemon Institute study of 383 companies across the world showed that the average total cost of a data breach is $4 million.  This was a 29% increase in the cost since 2013.  Although businesses and financial institutions seem to be fighting for tougher data security, thieves are working just as hard to infiltrate systems around the world and get their hands on as much personal data as they can. But as we continue to fight the good fight for secure payments and information, who is really footing the bill when a data breach occurs?


When a data breach occurs, the merchant is hit hard with costs for everything involved in mitigating the issue and saving their business, if possible.  The average data breach results in merchants paying for the following:

  • Breach detection
  • Breach escalation
  • Notifying consumers
  • Cancelled credit accounts
  • Forensic examination
  • Legal defense
  • Legal settlement
  • Fines
  • High insurance premiums

But the actual breach resolution costs are just the tip of the iceberg.  The fear and backlash from data breaches of any size typically result in a significant loss of consumer trust, and the sales that come with it.  This decrease in business can cost up to $443 million, as Target saw when its profits fell 40% after a significant data breach.

Service Providers

When an organization experiences a data breach, the providers of their payment processing and other information services absorb some cost as well.  Acquirers and other service providers generally incur some of the fines and other expenses involved with investigating and correcting the issue.  However, payment and data service providers are hit the hardest by the lasting responsibility of finding new and improved ways to protect sensitive information and deter fraudsters.

Financial Institutions

Financial institutions are typically the party held responsible for replacing any consumer funds for fraudulent charges.  Also, after a data breach, consumers’ cards must be cancelled and new ones have to be re-issued.  For a bank, retailer, or other card issuer to replace consumer cards, the cost can be up to $10 per cardholder.  Financial institutions even bear some of the burden of reassuring consumers that their data and personal identity will be safe going forward. In many cases, data breaches can cause consumers to become wary of financial institutions and to avoid taking advantage of additional payment methods.


Unfortunately, the people often left with most of the cost after a data breach are the consumers who were victimized in the first place.  Depending on the kind of data breach and the level of information that becomes compromised or stolen, a consumer’s entire identity could be at risk.  Besides the hassles involved with sorting out financial and credit problems, customers end up incurring costs from data breaches in the following ways:

  • Increased prices from retailers who are recovering from a costly data breach.
  • A spike in interest rates from card issuers that have had to re-issue cards and cover breach damages.

In the end, the costs to recover from a data breach can harm merchants, third-party service providers, card issuers, and consumers in major ways. Luckily, by making data security a priority, organizations can better ensure their protection and the protection of their consumers.  Making regular upfront investments to continuously develop and implement the latest and greatest in data security is the best way for businesses to avoid being compromised in a breach and to keep their business thriving.
