Most Read
- SEC Short Sale Rule Could Create a Bubble in Financial Stocks
- Wall Street Outsourcing to New, Exotic Corners of the Globe
- Analytics Help Firms Turn Data Into Opportunity
- Cisco Global Exchange Study Ranks Latency Among Top Success Factors in Competitive Race
- DTCC, Markit to Create Single Point of Derivatives Confirmation
- BlackRock To Acquire Analytics Software Company
- NYC Financial Firms to Get New Disaster Recovery Data Center in Pennsylvania
- Deutsche, Merrill Reveal Recession-Proofing IT Strategies
When Risk Managers Cry Wolf
By Greg MacSweeney, Wall Street & Technology
Avoiding "reputation risk" is a common justification for increasing security measures, protecting customers' financial information and reporting security breaches in a timely manner. But now more than 18 months after the big ChoicePoint incident when 163,000 accounts were affected by ID thieves, the doom and gloom that financial services risk professionals have predicted has failed to come true.
It's true that financial services firms have done a fairly good job of protecting personal data, especially when compared to some other sectors — including government, retail and education. In fact, most of the more recent reports of personal data that has been "compromised," either from hackers, lost tapes or stolen laptops, has come from various federal and local government organizations, retailers and universities.
For instance in November alone it has been reported that the IRS has lost 478 laptops since 2002, of which 112 computers had sensitive information. The New York City Administration for Children's Services dumped case records in a dumpster. Many of the records had personal information about children and police officers. Starbucks lost four laptops with 60,000 current and former employee records. And the University of Virginia sent 632 Social Security numbers to the wrong 632 students via e-mail. The mistake was blamed on a computer glitch.
For an IT risk management professional, the continuous string of data breaches, thefts and blunders should be a good thing, as it keeps the topic of data privacy and security on senior management's radar screen. But with the public tuning out the news that personal data is being lost almost daily by a variety of organizations, the doom and gloomers are being called out. Where’s the so-called reputation risk that everyone is so concerned about?
And because of the public's reduced sensitivity to reports of personal data breaches, it takes a much more serious data breach for consumers to turn away from a particular institution. True, many of the initial data breaches that were reported in mid-2005 and even early 2006 garnered front-page coverage in the Wall Street Journal or New York Times — the equivalent of six-point-o earthquake on the reputation risk scale.
But now, some pretty major personal data thefts are buried deep in the papers, if they are covered at all. When E*Trade Financial took a hit of $18 million in its 2006 third quarter earnings because of a pump-and-dump scheme started by ID thieves using key logging software, only bloggers and industry specific publications picked up on the news. TD Ameritrade was also hit by the same scam and reported a $4 million hit in its latest quarter. The media coverage was also virtually nonexistent.
So this means that the “reputation risk” card carries much less punch, now that consumers are content to have 97 million personal data records exposed since February 2005. Going forward, risk managers will need to rely more on the actual costs associated with data breaches, rather than play the reputation risk card.
It doesn’t mean that the risks and the associated clean-up costs aren’t substantial. E*Trade, for instance, used the $18 million to repay account holders. Same with TD Ameritrade’s $4 million. The first time a security breach hurts the financials, it’s a learning experience and firms generally work hard and fast to shore up any potential holes. The second time ID thefts hurt the quarterly results, you can be sure the CFO and CEO will be asking many pointed questions.
Posted by Greg MacSweeney at 12:16 PM
This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
Greg MacSweeny Columns
Greg MacSweeneyIn a Matter of Months, CIOs’ Agendas Turned Upside Down
Early in the summer of 2007, Wall Street was counting its good fortune. In early summer 20...
Former CIO Gavazzi Launches Risk Alert Provider
Where Are They Now? Life After Wall Street
Where Are They Now? Mitchel Lenson, Former Deutsche Bank Group CIO
Larry Tabb Columns
Larry TabbClearing and Settlement Top-of-Mind for Front-Office Execs
In addition to the excitement in the U.S., the real focus is occurring in Europe, where th...
Risk Management IT Comes to the Forefront in the Wake of Subprime Credit Crisis
In a Tumultuous Economy, Wall Street Must -- and Will -- Find a New Model
CHECK THIS OUTNovell Real Time Linux Webcast SeriesIn order to succeed, companies must be able to respond quickly, deliver superior value and quality of service, and carefully manage their costs. In this series of brief webcasts, you will learn how SUSE Linux Enterprise Real Time from Novell enables organizations to respond quicker by delivering low latencies, deliver increased value with fast response times, and better manage costs. |
EventsLive Events:Accelerating Wall Street 2 October 02, 2008 Buy-Side Trading Summit 2008 November 16-18, 2008 |
White PapersLevel 3 Connectivity KitStay ahead of the bandwidth curve. The Level 3 Connectivity Kit provides full resources to help you make informed decisions regarding your network infrastructure. Download the Data Center Networking Strategies for Financial Services Firms White Paper; Business Class Ethernet: Trends in Perspective eBook and BC/DR Best Practices for the Data-Intensive Enterprise Gartner Webcast Surviving and Thriving in a Challenging Market Learn how financial services firms can use customer-centric strategies and tools to maximize client value and loyalty, gain insight into new opportunities, and do more with less, counteracting market volatility. |
Marketplace |
Career CenterReady to take that job and shove it?
|
Most Recent Job Posts:
* Lowe's seeking Manager of IT Research in Mooresville, NC
* Hebrew Senior Life seeking Senior Informatics Analyst in Roslindale, MA * UCLA seeking Programmer/Analyst IV in Los Angeles, CA * T-Mobile seeking Program Manager 3 in Snoqualmie, WA * Comcast seeking Tier 4 CRAN Network Engineer in Chelmsford, MA For more tech jobs in the industry, visit Wall Street & Technology's Career Portal. |









