"Information security breaches cost anywhere between $90 to $305 per lost record"

I wonder what the cost to the CUSTOMER is when this happens... but I can guess the likely range is from "nil" to "life altering".

"TJX costs would only exceed $1bn if widespread incidents of identity theft associated with the breach forced the retail giant to slash costs and mount a costly marketing drive in a bid to woo punters back into stores."

Isn't it comforting to know that nowhere in that plan is the compensation of hypothetical victims of corporate blundering?

Dan made a good point there. I can't remember seeing compensation being factored into these sorts of figures, which I've always thought were a bit moody anyway.

But then, I've lawys had a suspicion about 'analysts' and their motives anyway. To me it seems their work involves hawking exaggerated claims and statements of the bleedin' obvious to get press inches and encourage people to buy their half a tree's worth of report. Or am I just a cynic?

I'm pretty sure compensation comes under legal fees in these studies, the idea that it isn't considered as a cost doesn't really fit.

I am little confused as to why it would bother you if compensation wasn't considered in the analysis, do you think that because the analysts haven't factored it in that nobody would receive compensation? If so, on what are you basing this assumption?