JPMorgan Chase should be concerned with a suddenly turbulent market, but it’s the ongoing threat of cyber attacks that’s keeping the bank up at night.
On Tuesday, CEO Jamie Dimon addressed on the company’s third-quarter earnings call the recent, massive breach of its customers’ personal information. For America’s largest bank by assets, the reminder of the incident struck a bitter note in an otherwise positive report.
In October, the bank (JPM) revealed that contact information for 76 million households and 7 million small businesses had been compromised. It was not the only financial firm impacted by the breach—possibly a dozen others are included—but it’s among the highest-profile. (Unlike the recent breaches at Target and Home Depot, JPMorgan claims not to have lost payment card information. Rather, attackers may have obtained stolen names, mailing addresses, email addresses, and the like.)
During the call, CFO Marianne Lake said:
Finally, before I move on—as you are aware, JPMorgan and certain others in the financial services industry experienced cyber-attacks this quarter. We are taking every step to protect our customers and our firm, but these attacks highlight the need for continued and increased cooperation among businesses and the government to systematically reduce and [root out] cyber threats. We are committed to doing our part. To date we have not observed elevated levels of fraud related to this matter.
During the question-and-answer part of the call, a Morgan Stanley analyst brought up Dimon’s recently stated commitment to double cyber security spending. Dimon clarified the point, estimating that the company’s cybersecurity spending “will double over the next four or five years.”
Lake supported Dimon’s claim. “It’s entirely reasonable to assume that we’ll continue to increase our investments over the course of the next several years,” she said. “It will be larger. We’ll let you know.”
In a previous annual report, the company devoted an entire subsection to its cyber strategy and apportioned $250 million to digital security. That amount could grow to half a billion dollars by 2020 based on its new projections.
Dimon also highlighted the importance for private industry and government to team up against hackers. Security, he cautions, is no solo job.
“This is one area where the government and businesses have been collaborating really well,” he said. “The government sees all kind of attacks and they have a fountain of information.” Private industry “self-collaborates” when things go wrong, Dimon said. The concern for adequate protection runs horizontally across the industry and vertically through the supply chain. “We’ve identified this as a huge effort. We’ve been very good at it,” he said. “The most recent breach—which we’re not going to make excuses for—we’ll invest any and all things we just do to get it right. Our customers are protected, which is critical. But we don’t want these things to be happening.”
Dimon continued. “It’s going to be a battle. You’ve already seen a lot of very, very serious [data]—far more serious than personal data—being taken: Social Security numbers, security codes, account numbers, et cetera. We do think that, unfortunately, there are going to be some wins and losses in this.”