Total Cost of Epsilon E-Mail Data Breach Could Reach $225M, Including Up to $45M in Lost Business, According to New Report by CyberFactors

Epsilon and Amazon episodes demonstrate how risk associated with cloud security issues is not being adequately addressed, company says

NEW YORK--()--E-mail services firm Epsilon will face years of repercussions and up to $225 million in total costs as a result of its recent data breach, a massive event that indicates the often overlooked risk of cloud-based computing systems, according to a research report released today by CyberFactors™, a cyber risk analytics and intelligence company.

The recent breakdown of Amazon’s cloud computing services that disrupted services to popular sites like Foursquare and Quora is another example of a cloud failure that could prove extremely costly in the long run – and a hint of more troubles on the horizon, CyberFactors asserted in its CyberBrief on Epsilon.

According to research conducted by CyberFactors, the Epsilon breach may have affected 75 companies or 3% of Epsilon’s customers, not 2% as previously reported, and could eventually cost these companies as much as $412 million, for a total event cost of $637 million. Further, CyberFactors conservatively estimated the number of affected e-mails in the Epsilon breach at 60 million.

The total cost of the Epsilon breach – including forensic audits and monitoring, fines, litigation and lost business for provider and customers – could eventually run as high as $3 billion to $4 billion, according to CyberFactors, given that the compromised e-mail addresses could be used by hackers and phishers to gain access to sites that contain consumers’ personal information.

“While the attractiveness of the cloud model is hard to refute, the economics of business risk for cloud providers and their customers can no longer be ignored,” said Regina Clark, Research and Analytics Director, CyberFactors. “With the cost of technology failures rising at an accelerated rate, the Epsilon event suggests a much more profound financial risk environment is now upon us. Cloud companies would be wise to think more like banks, insurance companies and hedge funds, and not just aggregators of the world’s precious data and technology dependencies.”

Some other results of CyberFactors research on the Epsilon breach:

  • 51% of the costs related to the Epsilon data breach will occur in year one, 42% in year two, and 7% in year three and thereafter
  • Loss of revenue related to customer churn as part of the Epsilon breach fallout could range from $6.1 million if just 1% of customers left, to $30.7 million if there were 5% churn.
  • CyberFactors research shows that since 2005, data events have cost individual affected companies in the range of $5.5 million to $12.8 million, depending on the industry and assuming no liability claims.

About CyberFactors

CyberFactors™ is a business and investment of CyberRiskPartners, LLC and was founded by veterans of the cyber security, financial services, technology and insurance industries. CyberRiskPartners, LLC is an investment and risk capital company for cyber security, risk and analytics platforms. For more information, please visit; follow us on Twitter @CyberFactors.


Marx Communications
Wendy Marx, 203-445-2850

Release Summary

Losses from the Epsilon data breach could eventually cost the company $225M, and its affected customers another $412M, according to a new report by CyberFactors also dealing with cloud computing risk.


Marx Communications
Wendy Marx, 203-445-2850