Tuesday, July 12, 2011

Hacking Costs Billons in Stock Losses: 2.88 billion more reasons to enforce security policies

The negative impact of information security incidents on stock prices has been documented numerous times over the past ten years, but I think we are now witnessing the most dramatic hacking-related stock losses ever seen, as reported in the Guardian last Friday under the headline BSkyB shares fall £1.8bn. For American readers:
  • BSkyB is British Sky Broadcasting, a satellite TV company 
  • BSkyB is like DirecTV only bigger (based on Market Cap), 
  • the Guardian is a very reputable British newspaper,
  • one British pound is worth about $1.6,
  • that share drop erased $2.88 billion from the company's value.
What information security incident at BSkyB triggered this share drop? That's a trick question! The stock dropped because of the illegal hacking of voicemail by a person or persons hired by a British newspaper, News of the World, often referred to as NOTW.

The owner of NOTW is Rupert Murdoch's News International (NASDAQ:NWS) which has been looking to buy BSkyB, pending approval by regulators, who may not be so keen to approve the deal given the mess that News International is now in as a result of the scandal surrounding the voicemail hacking. When you look at how the stock of NWS fared today you see where the term "fell off a cliff" comes from:

Bear in mind that NWS owns the Wall Street Journal, the New York Post and Fox everything, from movies to TV channels to TV stations.

So what we have here is an amazing example of how a few people committing acts of hacking on behalf of one relatively small part of a big company can cause massive damage that extends beyond the company itself, not to mention the victims of the hacking, like the parents of deceased soldiers and at least one murder victim.

And the collateral damage will roll on. People who own shares of BSkyB and NWS may sue the company executives. People laid off by the News of the World, which has been closed for good, may sue for loss of reputation by association. Victims of the hacking may sue.

All of which could have been avoided if the News of the World had adhered to privacy standards and ethical business standards. But the company allowed this to happen, over a period of years, so there can be no defense based on the existence of policies. (If you have your company network password taped to the bottom of your keyboard, in violation of company security policy, there is legal precedent for saying that is not grounds for dismissal if the company has tolerated everyone doing the same thing for some time.) 

There will be much more about this hacking-induced upheaval as the days roll on...including the huge irony of hacking closing a major British newspaper, not because of outside criminal hackers breaking in, but because of insiders illegally hacking people outside the company.

BTW, if you want the whole sordid story of this hacking debacle prior to this latest development, including police corruption and royal family secrets, this Wikipedia article is a good source. I will end with a footnote on the BSkyB share value: the amount wiped out by the end of today was $3.84 billion.

No comments: