Investors are downplaying the cost of Anthem's data breach. Well-publicised intrusions elsewhere have put once-complacent managers on notice. But the small impact on the stock of the $37 billion No 2 US health-benefit group after up to 80 million records were compromised suggests shareholders are still not fully alert.
The stolen information potentially includes social security numbers and other identifying details. By noon in New York on Thursday, Anthem's shares were down a modest 0.65 per cent, clipping $240 million or so off the company's market value from Wednesday's close. The exposure from remedial costs, litigation, regulatory action, lost credibility and customer defections could eventually add up to much more.
One reason investors may be overly sanguine is that Home Depot and Sony appear not to have been hit hard. The retailer recorded $43 million of pretax expenses in the third quarter of last year related to the hacking of tens of millions of records, about a third of which it expects to be covered by insurance. Sony said its investigation and remediation costs in the quarter to December were just $15 million for its smaller but very public breach.
Target has had longer to assess the impact of its late-2013 breach, also involving tens of millions of customers. It has so far accrued $248 million of costs, before insurance recoveries. That includes estimated payouts to card networks and others, but not any damage to its reputation.
Anthem says the thieves filched neither payment information nor, worse still, medical data. It also detected and responded to the breach in just days, suggesting greater awareness than others have shown. Yet, it's in one of the most sensitive - and heavily regulated - US industries for customer confidentiality.
Some investors appreciate the significance. Shares of FireEye, the cybersecurity firm called in by Anthem to help clean up, popped by five per cent, adding almost as much market value as the health insurer lost. A company is bound to suffer crippling financial damage from a cybersecurity breach someday. Maybe that's what it will take for most investors to learn to act first and ask questions later.
The stolen information potentially includes social security numbers and other identifying details. By noon in New York on Thursday, Anthem's shares were down a modest 0.65 per cent, clipping $240 million or so off the company's market value from Wednesday's close. The exposure from remedial costs, litigation, regulatory action, lost credibility and customer defections could eventually add up to much more.
One reason investors may be overly sanguine is that Home Depot and Sony appear not to have been hit hard. The retailer recorded $43 million of pretax expenses in the third quarter of last year related to the hacking of tens of millions of records, about a third of which it expects to be covered by insurance. Sony said its investigation and remediation costs in the quarter to December were just $15 million for its smaller but very public breach.
Also Read
Those figures, though, are just the start. Home Depot expects claims from payment card networks but can't yet quantify them, and dozens of potentially affected parties have filed lawsuits.
Target has had longer to assess the impact of its late-2013 breach, also involving tens of millions of customers. It has so far accrued $248 million of costs, before insurance recoveries. That includes estimated payouts to card networks and others, but not any damage to its reputation.
Anthem says the thieves filched neither payment information nor, worse still, medical data. It also detected and responded to the breach in just days, suggesting greater awareness than others have shown. Yet, it's in one of the most sensitive - and heavily regulated - US industries for customer confidentiality.
Some investors appreciate the significance. Shares of FireEye, the cybersecurity firm called in by Anthem to help clean up, popped by five per cent, adding almost as much market value as the health insurer lost. A company is bound to suffer crippling financial damage from a cybersecurity breach someday. Maybe that's what it will take for most investors to learn to act first and ask questions later.