Cybersecurity and economic uncertainty
Can society live with constantly compromised data?
It’s a valid question because there’s every indication that we are doing so currently, and will continue to do so.
There are real consequences to data breaches, including identity theft, violations of privacy, lost time and productivity, financial loss or difficulty, compromised IP and business strategies, and even adverse, hard-to-measure economic impact.
Cybersecurity technologies and human processes have failed repeatedly. Many people respond with a jaded yawn, or they vaguely cite “blockchain” as the solution.
The timing here is relevant. Several other significant, unpredictable factors are already creating the impression of economic uncertainty. Capricious leadership, trade policies, and even voters have investors on edge.
David Coombs, head of multi-asset investments for age-old British financial firm Rathbones, expressed the investor’s desire for certainty or high probabilities in a recent opinion piece.
He explained that, for three years, he has been trying to remain objective on UK/EU politics, despite inconsistency and “stupidity on both sides” of the Brexit debate. His goal: “to plot an investment strategy that navigates Brexit so we make money irrespective of the outcome.”
In practice, this meant avoiding UK public limited companies, but suggested, “For our multi-asset portfolio funds, revocation of Article 50 would drive us to buy UK assets.”
With political murkiness already directing investment, endless data breaches and cybersecurity failures represent another elusive economic variable.
The recent Capital One data breach exposed the records of almost 106 million people. It happened shortly after Equifax reached a settlement with the FTC, concerning a 2017 hack that affected 147 million people.
Capital One maintains that no credit card account numbers or login credentials were revealed, but social security/insurance numbers and linked bank account numbers were exposed. This breach could even affect DoD cloud computing contracts.
There are also risks associated with the processes of customer notification and damage control. Capital One plans to notify impacted customers by either letter or email and has warned people not to give out their personal information over the phone to any caller claiming to be from the bank.
The bank itself will also be negatively affected, as is any company that finds its data breached. The financial consequences of data breaches are rising and it takes time and resources to resolve liability issues.
According to IBM analysis, “breaches of more than 1 million records cost companies a projected US$42 million in losses; and those of 50 million records are projected to cost companies US$388 million.”
Brands also lose the trust of consumers whenever they accidentally expose data and personally identifiable information over which they were stewards. But given the widespread nature of data breaches, it isn’t obvious that any company can earn and maintain consumer trust through consistent cybersecurity.
Ironically, perhaps this lessens the likelihood that customers will take their business elsewhere due to a breach. This is, admittedly, a terrible and ironic form of corporate self-preservation: reducing risks of revenue loss through universally risky cybersecurity standards.
There was a time when computer viruses were more contained, perverse undertakings, done “for the lulz” of programmers. Today, commerce and conversations are digitized, globalized, and expedited. Commercial opportunity is spreading but so is the opportunity for exploitation and damage.
Predicting the economy is a difficult undertaking. Some academic economists have suggested that economic policy uncertainty is slightly higher under the Trump administration than it was under his predecessor. Others have disputed the methods they used to reach that conclusion.
Although some FinTech solutions aim to clarify economic forecasts by crunching higher volumes of data, with lower levels of bias, that undertaking may never be perfected.
There are too many forces at play. It’s clear that in the near-term, cybersecurity inadequacies could act as one of those complex forces. Can we continue to live with that? As various technologies advance, the level of data collection will also increase.
Some of that data may be more precious than what is already collected. We are raising the stakes, but not the standards. And the outcome could run away from us.
30 September 2022
29 September 2022