Total cost of Epsilon breach could reach $4 billion

E-mail services firm Epsilon will face years of repercussions and up to $225 million in total costs as a result of its recent data breach, a massive event that indicates the often overlooked risk of cloud-based computing systems, according to a report by CyberFactors.

The recent breakdown of Amazon’s cloud computing services that disrupted services to popular sites like Foursquare and Quora is another example of a cloud failure that could prove extremely costly in the long run – and a hint of more troubles on the horizon.

The Epsilon breach may have affected 75 companies or 3% of Epsilon’s customers, not 2% as previously reported, and could eventually cost these companies as much as $412 million, for a total event cost of $637 million. Further, CyberFactors conservatively estimated the number of affected e-mails in the Epsilon breach at 60 million.

The total cost of the Epsilon breach – including forensic audits and monitoring, fines, litigation and lost business for provider and customers – could eventually run as high as $3 billion to $4 billion, according to CyberFactors, given that the compromised e-mail addresses could be used by phishers to gain access to sites that contain consumers’ personal information.

“While the attractiveness of the cloud model is hard to refute, the economics of business risk for cloud providers and their customers can no longer be ignored,” said Regina Clark, Research and Analytics Director, CyberFactors. “With the cost of technology failures rising at an accelerated rate, the Epsilon event suggests a much more profound financial risk environment is now upon us. Cloud companies would be wise to think more like banks, insurance companies and hedge funds, and not just aggregators of the world’s precious data and technology dependencies.”

Other results of the research on the Epsilon breach:

  • 51% of the costs related to the Epsilon data breach will occur in year one, 42% in year two, and 7% in year three and thereafter.
  • Loss of revenue related to customer churn as part of the Epsilon breach fallout could range from $6.1 million if just 1% of customers left, to $30.7 million if there were 5% churn.
  • CyberFactors research shows that since 2005, data events have cost individual affected companies in the range of $5.5 million to $12.8 million, depending on the industry and assuming no liability claims.

Source: http://www.net-security.org/secworld.php?id=10966