Main Street vs. Wall Street: Who is to Blame for Data Breaches?
Click here to load reader
-
Upload
brunswick-group -
Category
Data & Analytics
-
view
1.075 -
download
0
description
Transcript of Main Street vs. Wall Street: Who is to Blame for Data Breaches?
Main Street vs. Wall Street Who is to Blame for Data Breaches? Spring 2014
Abu Dhabi
Beijing
Berlin
Brussels
Dallas
Dubai
Frankfurt
Hong Kong
Johannesburg
London
Milan
Munich
New York
Paris
Rome
San Francisco
São Paulo
Shanghai
Singapore
Stockholm
Vienna
Washington, D.C.
© BRUNSWICK | 2014 | 1
Growing Trend Scale and impact of data security issues continue to rise
Recent research has
determined the average cost
of a data breach to be $5.5
million per organization
and an average of $194 per
compromised record.
Studies also found for the
fourth straight year that
organizations’ need to respond
rapidly to data breaches drove
the associated costs higher.
Source: Open Security Foundation / DataLossDB.org; Ponemon Institute “Cost of a Breach Study”, 2011
21 44
157
644
774
1048
720
818
1072
1331
0
200
400
600
800
1000
1200
1400
2003 2004 2005 2006 2007 2008 2009 2010 2011 2012
Data Loss DB.org Incidents Over Time
© BRUNSWICK | 2014 | 2
High Risk, High Profile Privacy and data security issues are gaining attention worldwide
© BRUNSWICK | 2014 | 3
Heated Debate Retailers and Banks are going head-to-head over who is responsible
“For years, banks have continued
to issue fraud-prone magnetic
stripe cards to U.S. customers,
putting sensitive financial information
at risk while simultaneously touting
the security benefits of next
generation 'PIN and Chip' card
technology for customers in Europe
and dozens of other markets.”
“The NRF should focus its attention on
responding to the harm that security
breaches at several retailers have done
to consumers and their financial
institutions rather than hurling false
allegations blaming the banking
industry for these retail breaches.
Retailers and their processors —
not banks — are responsible for
the systems in their stores that process
payment cards.”
© BRUNSWICK | 2014 | 4
25% 75%
Retailers are doing enough to prevent data breaches, but the rise in usage of debit cards, credit cards and online payment systems, as well as increased capabilities of online thieves, means that data breaches are just the “new normal”
Retailers are not doing enough to prevent data breaches and need to take significant actions to improve the security of their payment systems
Are retailers doing enough to prevent data breaches?
What news events have consumers seen, read, or heard about? How concerned are consumers?
90%
83%
83%
78%
60%
A data breach at some U.S. retailers that resulted in the theft of the credit card information of more than 100 million consumers
Pop star Justin Bieber being arrested for DUI, drag racing, and resisting arrest
Security concerns for the upcoming Sochi Winter Olympics
President Obama giving the 2014 State of the Union address
President Obama announcing changes to the NSA surveillance program
94% concerned about data breaches at retailers
Difficult Opinion Environment Consumers are aware, concerned, and believe retailers are not doing enough to stop data breaches
© BRUNSWICK | 2014 | 5 Source: Harris Interactive – 2013 RQ Summary Report
High Marks for Industry Reputation… Retail industry is regarded as one of the most respected, banking is among the least respected
Tobacco
Government
Banking
Financial Services
Airline
Insurance
Pharmaceutical
Energy
Manufacturing
Automotive
Telecommunications
Consumer Products
Retail
Travel & Tourism
Technology
Industry Reputation Ratings NEGATIVE NEUTRAL POSITIVE
© BRUNSWICK | 2014 | 6
…But, Public Casts More Blame on Retailers Nearly as likely to hold retailers responsible as the criminals themselves; One-third will boycott
72% 28% Retailers Banks
Who is responsible? How have consumers responded?
65%
34%
24%
23%
12%
Started using cash more often
Stopped shopping at certain retailers
Started shopping more at online retailers
Stopped using my debit or credit card
Switched banks or credit card companies
79% 61%
34% 26% 18% 17%
TheCriminals
Retailers Banks Government Shoppers LawEnforcement
© BRUNSWICK | 2014 | 7
Making debit and credit cards more secure
63% 37%
Banks say that retailers are at fault for lacking the necessary security measures to prevent cyber-attacks from taking place, and therefore should be responsible for reissuing cards compromised in a security breach when the retailer is at fault.
Retailers say that banks are at fault for issuing cards with faulty technology that leaves customers prone to security lapses, and therefore should take steps to ensure credit card security so the cards are less likely to be corrupted.
70% 30%
Some say that in a situation where a systemic data breach is caused by a retailer’s payment system, the retailer should be financially responsible for these fraudulent charges,
NOT the credit card issuer. Would this be fair or unfair?
Unfair Fair
Clear Need for Effective Messaging Consumers side with the banks over shifting more financial liability to retailers
56% 44% Strengthening retail networks against hackers
The best defense against future data breaches is…
© BRUNSWICK | 2014 | 8
1 2 3 4 5 6
Lasting Impact Brunswick analysis of post-breach valuation discovered a long-term downward trend
Analysis of the average daily valuation data of 10 companies that have recently experienced large
data breaches uncovered that stock prices never fully rebound two quarters after the breach.
Anatomy of a Breach’s Impact on Valuation
Day before breach
Bargain buyback
Initial sell-off Long-term downward trend
Months after breach announcement
Lev
el o
f pr
e-br
each
val
uati
on
Average daily closing price
100%
95%
90%
85%
80%