Consumers may be more on the hook for paying for the rising costs of data breaches than they realize, as companies increasingly turn to price hikes as part of their post-breach cost-recovery strategies. According to a report from IBM earlier this year, nearly two-thirds of companies plan to pass along data breach costs directly to their customers, a practice that is sharply increasing, IBM said.

“When organizations find themselves saddled with multimillion-dollar costs, they may look to recoup those costs elsewhere. One option is to pass them along to their own customers in the form of price hikes, which is an increasing trend. Raising prices can be risky in a market already facing pricing pressure,” IBM’s researchers wrote. “Most organizations said they planned to increase prices of goods and services following a data breach, passing costs along to customers. The share of organizations that planned to do so increased to 63% this year from 57% last year, representing a 10.5% increase.”

The survey did not detail the percentage of costs companies plan to recoup from customers. And, depending on a company’s customer base and pricing, it’s not clear whether the increase would be noticed by most customers, but Nabil Hannan, field CISO for NetSPI, argued that any pass-along costs absolutely cannot be hidden from customers.

“There may be legitimate reasons why you have to pass these costs to the customer, but you must do it with transparency,” Hannan said. In today’s social media environment, he explained, the risk of a customer calculating their bill and discovering the increase is too severe. “You need just one [customer], the right one, to figure it out and then it gets blasted in the media,” he said.

But, Hannan argued, there may be a silver lining for CISOs. A lot of the traditional cybersecurity budget arguments (brand reputation, compliance costs, privacy issues, data leakage, and so on) are starting to wear thin with their CFO and CEO audiences. Not so with cost increases, which can undermine the enterprise’s competitive position. Data-breach cost pass-alongs could potentially impact market share, the kind of thing that grabs CFO, CEO, and even board attention. That might, Hannan said, give senior management reason to rethink CISO budget requests.

“The potential for increased prices and diluted competitiveness provides CISOs with a compelling argument to secure appropriate funding for cybersecurity initiatives,” Hannan said. “It demonstrates that the cost of inaction, both in financial terms and in reputational damage, far outweighs the cost of robust security programs.”

IDC research VP Chris Kissel underscored the danger for enterprises of passing along data breach costs to customers. “If they overplay their hand, they may lose the contract the next time,” Kissel said. “Certain [higher-margin] businesses are able to pass more of these costs to customers. eBay or Amazon, for example, will never pass along data breach costs. Passing along data breach costs to your customers should be a very last-case scenario.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3616501/63-of-companies-plan-to-pass-data-breach-costs-to-customers.html