Last week saw Target agreeing to pay more money as a result of its 2013 data breach, and it won’t be the last time it has to do so. Corporate treasurers whose companies handle customer data must track these costs and take steps to avoid winding up in a similar situation. That means earmarking funds sooner rather than later.
“You’ve got to put some money and some people up front and be ready for when the bad thing happens or you’re going to wind up paying more later on,” fraud and cybersecurity expert Randy Sabett said.
Sabett said companies need to have a definitive structure and culture in place that encourages employees to be on the lookout for potential problems. “Having some sort of governance mechanism in place that’s appropriate is the goal that everyone should be moving toward,” he noted. “If you have a ‘tone from the top’ around cybersecurity matters and people are going to become more aware. The message will be, ‘If you see something, say something.’ Having that security culture is important.”
While Sabett acknowledges that solution is somewhat philosophical, there are more tangible solutions that businesses can implement. He suggests forming an actual cybersecurity team to which employees can report suspicious activity. This team would also take such proactive measures as running tabletop exercises that help make staff more aware of the threats that are out there, and revise policies around cybersecurity.
Sabett also emphasized the importance of purchasing cyberinsurance. “You need to look at your business and say, ‘Okay, here’s what we do, here’s where our exposure is, this is the approximate amount,” he said. “We’ve run into situations with [corporate] clients in the past who didn’t have the right cyberinsurance. They didn’t do a good job of evaluating their exposures and selecting a policy.”
Target’s latest settlement
Sabett’s advice comes in the wake of Target agreeing to pay $19 million to MasterCard issuers who had to cancel accounts and issue new cards as a result of the 2013 breach. The announcement comes a little less than a month after Target agreed to pay customers who incurred losses from the breach up to $10,000.
Target’s new settlement requires a minimum of 90 percent of eligible issuers to accept the offer by May 20. MasterCard is urging card issuers to accept the deal. Target has agreed to pay the money by the end of the second quarter.
“We are hopeful that Target’s agreement to pay up to $19 million to settle the claims of MasterCard and its issuers will result in a high level of issuer acceptance,” said Scott Kennedy, president, financial and retail services at Target in a statement. “Target intends to continue to defend itself vigorously against any assessments made by MasterCard on behalf of MasterCard issuers that do not accept their offers.”
The settlement only pertains to MasterCard issuers; Target is working on a separate agreement with Visa.