The reasons companies don’t fix cyber security 2


Following a series of high-profile losses of customer’s personal data suffered by major companies such as Sony, Home Depot and Target, Erik Sherman considers on the CBS Moneywatch website why companies do not improve IT security and safeguards for customer data.

The answer is that although the cost of remediation and fixes following such data leaks looks enormous to the average person, the financial impact on companies is negligible.  For example, when Target lost 40 million credit card numbers and 70 million other records, the cost after deductions was 105 million dollars which is less than 0.1 percent of the company’s revenue.

Even the reputational damage to companies from huge data losses seems relatively short-lived.  Following a major breach of Sony’s network the Ponemon Institute polled consumers every 48 hours to check the company’s reputation.  After less than six months the Sony’s reputation had recovered its place to where it was prior to the breach.