The financial consequences of cyberattacks

and more news for digital executives, by journalist Mitch Betts ▸ developments at McDonald's, Amazon, Dow Jones ▸ CxO jobs & appointments ▸ low-cost innovation ▸

Newsletter by Mitch Betts © Ampersand Reports 2018, all rights reserved.

Study calculates the financial hit from cyberattacks

A successful cyberattack that compromises consumers’ personal data leads to, on average, a loss of 1.1% of the company’s market value, and a drop of 3.2 percentage points in its sales growth rate, according to an academic working paper published by the prestigious National Bureau of Economic Research (NBER).

The study covers 188 successful cyberattacks of public companies over the 2005-2014 period. The results could be useful to digital executives who need to explain to the board of directors — in the financial terms they can grasp — the importance of sufficient security funding.

The poster child of financial loss is the 2013 data breach at Target Corp., where the ripple effects (e.g., reduced customer traffic, costs of responding to the breach) reduced Target’s earnings by $1.58 billion, or nearly 30%. Costs directly related to the attack, including settlements of lawsuits, totaled $292 million.

The June 2018 edition of “The NBER Digest” reported on other findings from the study:

When firms suffered breaches of personal data, such as Social Security numbers and bank information, the average immediate loss in stock value was 1.12%. Firms that experienced repeated attacks and/or lacked explicit risk-management committees suffered significantly greater losses.

Firms tend to respond to cyberattacks by increasing their attention to IT security, and in some cases by establishing or boosting a risk-management committee, the study found.

The study, “What is the Impact of Successful Cyberattacks on Target Firms? (NBER Working Paper No. 24409), was conducted by economists Shinichi Kamiya, Jun-Koo Kang, Jungmin Kim, Andreas Milidonis, and René M. Stulz.

Related: How to Calculate the Value of Security Investments

Who’s doing what

McDonald’s Corp. plans to add touchscreen kiosks to thousands of its U.S. fast-food stores (1,000 stores per quarter) over the next two years, because the company finds that “when people dwell more, they tend to select more.” (Kiosks are already in place in the U.K. and Canada.) USA Today Inc. launched a new visual search capability for its mobile shopping app called Part Finder, which allows users to take a photo of a screw, bolt or other type of fastener, identify it, and search for it on The computer-vision technology behind the feature, which can identify at least 100 types of fasteners, was created by Partpic, an Atlanta startup that Amazon acquired in 2016. Sarah Perez, TechCrunch

Dow Jones & Co. developed an open-source tool, called Hammer, that scans for security vulnerabilities within the Amazon Web Services cloud platform and, in some cases, fixes them automatically. Last year, basic subscriber information was left exposed to other AWS customers as a result of improper security configurations, which the new security tool can find and fix. — Sara Castellanos, WSJ: CIO Journal

Theme parks such as Disneyland Resort, Universal Studios Hollywood, and Six Flags Magic Kingdom are spending millions to provide free, high-speed Wi-Fi services to park patrons, making it easier to post photos and streaming videos to social media (a form of publicity). The parks also want patrons to use the smartphone apps they created for booking times to ride attractions, ordering food in the park, or monitoring the wait times of their favorite rides. — Hugo Martin, Los Angeles Times

Talent: jobs, appointments, careers

The Scripps Research Institute is seeking a CIO, reporting to the COO, responsible for IT at both the California and Florida campuses. “This position is a succession role that will overlap for some months with the current CIO until retirement.”

The City of Boston is seeking a cabinet-level CIO at a salary of $110,000 - $155,000, reporting to Mayor Martin J. Walsh. Boston residency is required.

Toyota Financial Services (TFS) USA, based in Plano, Texas, named Vipin Gupta as CIO. He was previously CIO at the Key Community Bank business unit of KeyCorp.

Total Wine & More — “the country‘s largest independent retailer of fine wine,” based in Bethesda, Md. — is seeking a chief digital/technology officer “responsible for developing and scaling omnichannel technologies across retail, mobile and web platforms.”

Comcast Corp. is seeking a chief privacy officer at its Philadelphia HQ to “direct Comcast Cable's legal privacy and information security strategy, compliance, and operations in support of the company's businesses globally, and to serve as co-leader of these same issues for Comcast Corporation, together with this role's counterpart at NBCUniversal.” Reports to the General Counsel.

AMN Healthcare Services Inc., a healthcare staffing service in San Diego, named Mark Hagan as CIO. He previously was CIO at Envision Healthcare, where he led an IT organization of nearly 900 team members.

MD Anderson Cancer Center is seeking a chief technology and digital officer in Houston.

{Brain food} “Cost-o-vation” = low-cost innovation

From the new book COST-O-VATION: Innovation that Gives Your Customers Exactly What They Want — and Nothing More, by Stephen Wunker and Jennifer Law (HarperCollins Leadership, August 2018):

Costovation is a type of innovation that significantly compresses costs while still wowing customers. It’s about meeting or exceeding customer expectations with less. Planet Fitness with its low costs and slim offerings — but ecstatic customers — is an example of costovation.

Innovation is typically thought to mean more: more flavors, more options, more features. What makes costovation so radical is that it flips this understanding on its head and says that sometimes the winning approach is to do less.

Costovation … suggests that big innovations can come from decluttering how you think, the way you do things, and what you offer.

Related: 5 Ways To Fund Innovation On A Budget