• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii

3

Current price of oil as of July 2, 2026

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii

3

Current price of oil as of July 2, 2026
Tech

How much do data breaches cost big companies? Shockingly little

Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
March 27, 2015, 5:28 AM ET
Photograph by Bloomberg/Getty Images
Add Fortune on Google for similar content.

In the last two years, Fortune 500 companies from Sony to Target to Anthem have experienced major data breaches. Executives have lost their jobs, tens of millions of consumers have had their credit card and other personal data compromised, and corporations have frantically tried to contain the damage. Just last week, Target agreed to pay $10 million in a proposed settlement of a class-action lawsuit related to a huge 2013 data breach.

But for all the panicky headlines, the boardroom anxiety, and the general cyber security doom-and-gloom, one important—if counterintuitive—question seems to have been overlooked: How much does hacking really cost big companies?

If you dig into the financial performance results of companies hit by some of the world’s most notorious, disclosed data breaches, a disturbing fact will strike you: They don’t seem to cost all that much.

That is the stunning conclusion of an analysis by Benjamin Dean, a fellow at Columbia University’s School of International and Public Affairs. Dean—who also has a background in accounting—pored over 10-K filings for Sony (SNE), Home Depot (HD), and Target (TGT), after their recent, well-publicized security breaches. Keeping an eye out for breach-related expenses in these companies’ quarterly financial reports, Dean discovered that the actual expenses reported by these companies amounted to less than 1% of each company’s annual revenues.

“After reimbursement from insurance and minus tax deductions, the losses are even less,” Dean writes on The Conversation, where his post initially appeared.

A close look at Sony

Sony’s November 2014 hacking led to the disclosure of unreleased movies, embarrassing internal emails, and personal data—including Social Security numbers—of 47,000 celebrities and employees. (It was so traumatic and disruptive to the company that it delayed its 10-K filing.)

Still, Sony estimates its breach’s financial impact has been just $15 million to date “in investigation and remediation costs.” That’s barely a blip on the radar.

“To give some scale to these losses,” Dean writes, “they represent from 0.9% to 2% of Sony’s total projected sales for 2014 and a fraction of the initial estimates.”

Dean notes that Sony, in total, anticipates spending $35 million “restoring financial and IT systems” for the full fiscal year. Further writing off the breach’s monetary ramifications, the company forecasts: “Sony believes that the impact of the cyberattack on its consolidated results for the fiscal year ending March 31, 2015 will not be material.” Translation: <Shrug>.

These numbers are likely not small enough to vindicate Sony Pictures’ former executive director of information security. In 2007, he told CIO Magazine that “‘it’s a valid business decision to accept the risk’ of a security breach…I will not invest $10 million to avoid a possible $1 million loss.” But Dean’s analysis does come alarmingly close to making the minimal effort-stance a defensible position.

The Home Depot hacking also barely made a dent.

Last year’s Home Depot hacking led to crooks pocketing an estimated 50 million customers’ credit card numbers and email addresses, but this relevant bit from Home Depot’s most recent earning’s report shows it had a negligible impact:

In the third quarter of fiscal 2014, the Company recorded $43 million of pretax expenses related to the Data Breach, partially offset by a $15 million receivable for costs the Company believes are reimbursable and probable of recovery under its insurance coverage, for pretax net expenses of $28 million.

When you do the math, that $28 million “represents less than 0.01% of Home Depot’s sales for 2014,” Dean points out.

And what about Target?

Target’s hacking in late 2013 resulted in the theft of 40 million payment cards and 70 million other records, including customers’ email addresses and phone numbers. The security breach was considered so severe that the CEO felt compelled to resign.

And yet, Target, in its latest filing, lays out in great detail the tolls of its breach:

The Company incurred breach-related expenses of $4 million in fourth quarter 2014 and full-year net expense of $145 million, which reflects $191 million of gross expense partially offset by the recognition of a $46 million insurance receivable. Fourth quarter and full-year 2013 net expense related to the data breach was $17 million, reflecting $61 million of gross expense partially offset by the recognition of a $44 million insurance receivable.

To sum the math up, Target’s gross expenses totaled $252 million, insurance compensation brought that down to $162 million, and further tax deductions yield a final $105 million. While larger than either Home Depot’s or Sony’s outlay, the final amount is not so wounding in the grand scheme of things.

“This is the equivalent of 0.1% of 2014 sales,” Dean notes.

“To the companies themselves, this seems like a rounding error,” he told Fortune on a call from Australia. “It’s certainly not a huge loss when compared to their annual revenues.”

To invest or not to invest in security

To be sure, this analysis has generated criticism. Matthew Rosenquist, an information security strategist at Intel (INTC), argues Dean’s analysis has several problems. First, he notes Dean uses revenues rather than profits as the key metric. “It can make a lot of difference to management if an attack consumes a big chunk of your profit or worse, pushes you from the green into the red side of the ledger,” he writes on a company blog.

Rosenquist also stresses the hidden costs of a breach: rising insurance premiums, damage to third parties, sinking customer goodwill and trust. Most importantly, he writes, failing to invest in security is strategically myopic; without ensured stability, a business may as well be committing corporate suicide.

Dean acknowledges that over time consumer faith may erode, but he says, for now, “You can’t see losses and effects on the bottom line in terms of reputational damage.”

Actually, Rosenquist and Dean don’t differ greatly in their conclusions. “Regardless of the way we measure it, or whether we look forward or backward, we agree on the central point that companies need to invest in information security,” Dean told Fortune, responding to Rosenquist’s criticisms by email.

Turns out Dean is not an apologist for the willfully, digitally indisposed. He says he believes corporate networks need buttressing—even if data breaches don’t hurt companies’ bottom lines. Moreover, he believes the incentives for buttressing corporate networks need buttressing. And until corporations are held more accountable for these breaches—not with $10 million slaps-on-the-wrist—but with, well, he isn’t quiet sure what yet, companies won’t make the big investments in information security needed.

So, is security worth the investment? Here’s Dean’s take:

We need to get back to what the hard evidence says. What are the verified losses and impact, as opposed to speculation in some cases? It’s not quite fear-mongering. We need to ground our analysis in how big a problem this is. Once we’ve ascertained how big a problem it is, we can figure out what to do about it, and have an open and informed discussion. Right now that’s not happening. I’m not seeing hard evidence used to back up claims. If that discussion is happening, it’s not open.

Consider the conversation started.

Watch more business news from Fortune:

About the Author
Robert Hackett
By Robert Hackett
Instagram iconLinkedIn iconTwitter icon
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Tech

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Tech

2
Commentary250 Years of Innovation
America’s secret weapon isn’t just innovation — It’s the freedom to fail
By Keith KrachJuly 3, 2026
4 minutes ago
A $75 billion valuation, 75 million global customers and on its way to America—Revolut is London’s disruptor extraordinaire
EuropeLetter from London
A $75 billion valuation, 75 million global customers and on its way to America—Revolut is London’s disruptor extraordinaire
By Kamal AhmedJuly 3, 2026
8 minutes ago
Man in a black hat and jacket
InvestingSpace Exploration
Elon Musk can’t sell a single SpaceX share for a year—and then all the locks crack open at once
By Amanda GerutJuly 3, 2026
28 minutes ago
Microsoft’s next big bet isn’t on a model but on becoming the Swiss Army knife of enterprise AI
AIMicrosoft
Microsoft’s next big bet isn’t on a model but on becoming the Swiss Army knife of enterprise AI
By Sheryl Estrada and Sebastian HerreraJuly 3, 2026
3 hours ago
Those bots sending discounts to your email is dynamic pricing in action. Get revenge on those bots by abandoning your cart
RetailConsumer Spending
Those bots sending discounts to your email is dynamic pricing in action. Get revenge on those bots by abandoning your cart
By Catherina GioinoJuly 3, 2026
3 hours ago
z
AIdisruption
Meet the Zillennials: The luckiest micro-generation in the workforce, born between 1993 and 1998
By Nick LichtenbergJuly 3, 2026
4 hours ago

Most Popular

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
Big Tech
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
By Marco Quiroz-GutierrezJuly 1, 2026
2 days ago
Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii
Success
Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii
By Sasha RogelbergJuly 2, 2026
18 hours ago
Current price of oil as of July 2, 2026
Personal Finance
Current price of oil as of July 2, 2026
By Joseph HostetlerJuly 2, 2026
21 hours ago
Americans are escaping the U.S. for New Zealand where house prices have hit a new low—but only wealthy Americans with $3 million spare can invest
Success
Americans are escaping the U.S. for New Zealand where house prices have hit a new low—but only wealthy Americans with $3 million spare can invest
By Emma BurleighJuly 2, 2026
19 hours ago
Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K
Success
Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K
By Orianna Rosa RoyleJuly 2, 2026
1 day ago
Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs
Law
Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs
By Wyatte Grantham-Philips and The Associated PressJuly 2, 2026
16 hours ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.