Cost of a Breach: $6, not $187?
So TJX recently announced a $118m setaside to deal with the loss of control of 45 million records. Now, I’m not very good at math (if I was, I’d say $2.62, not $3), but it seems to me that the setaside is less than $3 per record. That doesn’t line up with the $187 per record that’s going around. In fact, it’s off by a factor of 60. Even if I’m not good at math, I can see that.
So to every journalist who’s quoted $187, I ask: what’s up with that discrepancy?
[Update: Apparently, the cost was $196M before taxes, and a commenter linked to a Boston Globe article arguing costs could reach $1B. I’ve updated the title to $6 (it was $3), but even at $1B, that’s roughly $21 per record, not $187. Which is “only” off by a factor of 6, not 60.]
[Update2: Thurston has comments in “Why TJX and Ponemon disagree.”]