What is it they say about an “ounce of prevention”?
Home Depot’s recent $19.5 million consumer compensation announcement brings their costs related to the 2014 data breach to $161 million, and that doesn’t include costs to upgrade internal systems security and beef up their risk management team. Even scarier: Home Depot’s lawyers say the settlement “compares favorably” with costs incurred in other large retailer breaches.
We still aren’t anywhere close to where we need to be on data security, due both to continued insufficient controls at retailers (despite PCI and other regulatory mandates) and because the antiquated US card processing ecosystem still mostly relies on “in the clear” account numbers and unsophisticated authentication.
Adoption of technologies such as EMV and tokenization helps, but progress in this area continues to be slow, especially considering the potential costs and consequences. Related: Rosen Hotels announces 18-month data breach