This is the web version of Data Sheet, a daily newsletter on the business of tech. Sign up to get it delivered free to your inbox.
How much does a data breach cost?
Approximately $3.86 million, according to a new report sponsored by IBM. That’s the average amount companies spent to recover from hacks, including the costs of forensic investigations, legal fees, regulatory fines, and lost business. The study surveyed more than 500 breached organizations about digital break-ins that occurred between August 2019 and April 2020.
This year’s headline figure dipped a bit compared to last year’s, when companies reported spending $3.92 million on average. The authors say the slight decline in expenses reflects maturing security programs for some companies, but note that costs were “much higher for organizations that lagged behind.” (Even so, the costs have remained pretty consistent over the years.)
Although the study took place mostly before the coronavirus pandemic hit its stride, it included prescient questions. The pollsters at the Ponemon Institute, the nonprofit cybersecurity research outfit that conducted the interviews, asked companies how they expected working from home to affect their ability to recover from breaches, for instance.
Three quarters of the respondents said they believed it would be harder to identify and contain breaches with remote staff.
Tell that to Twitter, which recently suffered an extraordinary security failure after, notably, green-lighting an indefinite work from home policy. (An insider told me that, as the hack was unfolding, Twitter warned its employees not to trust online communications with colleagues, as the company could not immediately ascertain the extent of the compromise. No doubt sitting side-by-side would have helped there.)
Another finding that caught my eye: The costliest breaches apparently involved the compromise of personally identifiable information—like customers’ names, addresses, and Social Security numbers—rather than thievery of intellectual property. Surely, this is an artifact of the ease of measuring certain costs—fees for notifying victims, paying for credit monitoring, etc.—versus the harder-to-measure, deleterious effects of industrial espionage.
Chris Scott, director of security innovation for IBM, acknowledged this disconnect. When trade secrets are stolen, “those costs can be longer term and difficult to quantify,” he said. Such breaches “can actually have a huge long term financial impact on a company, particularly if the information stolen impacts their business performance or competitive advantage.”
To ignore that would be to fall for the same trap that ensnares the worst short term-thinking on Wall Street. Fixating on the most obvious and immediately apparent quarterly numbers can provide a temporary boost, sure. But if a business is not managing for the long term—and protecting its most valuable, vital assets—it’s guaranteed to wither.
Same goes for cybersecurity investment decisions. If intellectual property is not your top priority, you may as well prepare for a company like Huawei to eat your lunch.
Robert Hackett
Twitter: @rhhackett
Email: robert.hackett@fortune.com
THREATS
Kings of the Hill. The CEOs of America's biggest tech companies—Amazon, Apple, Facebook, and Google—are set to appear before the House antitrust committee today to argue they are not monopolies. Jeff Bezos's opening statement paints Amazon as a relative pipsqueak fending off a horde of rivals, including Target, Costco, Kroger, Walmart, Shopify and Instacart. Google's Sundar Pichai name-checks competition everywhere from Amazon Alexa to Twitter to WhatsApp. Tim Cook tries to argue that Apple's App Store is fair. And Mark Zuckerberg raises the China specter, arguing that Facebook, alternatively, represents "the American way." You can tune into the livestream here at noon.
Misanthrope vs. philanthrope. While her ex-hubbie Bezos was preparing to be grilled on the Hill, McKenzie Scott released a record of her recent charitable givings. The novelist-turned-billionaire donated $1.7 billion to a host of nonprofit organizations. She has vowed to give away all of her money in her lifetime. Apparently Scott, not Bezos, got "generosity" in the divorce settlement.
Do you hear what I hear? Music-streaming service Spotify reported mixed earnings for the quarter that ended June 30. Revenue rose 13% to €1.89 billion, in line with guidance, and listening levels, which dropped off during the pandemic, mostly returned to normal, it said. But the company lost €356 million, a huge leap over the €76 million it lost during the same period last year. The cause: steep payroll taxes in Sweden owing to a 70% price run-up in shares since end of May.
Chip on your shoulder. Chipmaker Advanced Micro Dynamics, or AMD, is celebrating a fantastic quarter. The company posted $157 million in profit, up from $35 million a year earlier, and it raised its full-year sales-growth guidance to 32%—$2.55 billion in total—from an earlier forecast of 20% to 30%. Intel, meanwhile, is reorganizing its executive team in light of delays of its upcoming 7-nanometer chip tech; chief engineering officer Murthy Renduchintala, formerly of Qualcomm, is out.
"Hack the planet!" Surprise, surprise: Russia has been spreading disinformation about the coronavirus pandemic, according to U.S. intelligence agencies. Beijing is said to have hacked the Vatican in recent months, ahead of sensitive negotiations over the appointment of Catholic Church leadership in China. And U.S. prosecutors are mysteriously pushing to dismiss a case against two former Twitter employees charged with spying on behalf of Saudi Arabia.
ACCESS GRANTED
Where do cybercriminals lurk? One popular haunt, at least virtually: a dingy underground bunker built by the West German Army in the 1970s. In this bizarro world-spelunking feature, The New Yorker investigates a notorious Dark Web server farm called the CyberBunker.
In 2012, a foundation controlled by a fifty-three-year-old Dutchman named Herman-Johan Xennt proposed to buy the bunker complex. Xennt travelled to Traben-Trarbach to explain his plans to a closed session of the town council. He was a striking man, with a cascade of shoulder-length gray-blond hair, and wore a dark suit, which highlighted the pallor of his face. Xennt told the council that he intended to set up a Web-hosting business at the bunker complex, and promised to create as many as a hundred jobs for local people, but he was vague when pressed for details.
FORTUNE RECON
Americans remain politically divided on wearing a mask By Sy Mukherjee
Jeff Bezos’ ex wife McKenzie Scott says she’s donated $1.7 billion to racial equity and other causes By Emma Hinchliffe
Google’s upcoming Grace Hopper subsea cable will span the Atlantic Ocean By Jonathan Vanian
When will the pandemic end? Not before 2022, ex-U.S. surgeon general warns By Maria Aspan
Amid pandemic, top CEOs say digital transformation is accelerating. Where it’s headed? Less clear By Andrew Nusca
Quibi actually got 10 Emmy nominations—and other surprises By Mark Kennedy
CES is going to be a virtual event in 2021 By Joseph Pisani
ONE MORE THING
North Korea has recorded its first suspected case of COVID-19. The Hermit Kingdom, infamous for its isolation, declared a national emergency and closed down the border city of Kaesong, where the suspected virus carrier has been placed in quarantine alongside others who were potentially exposed. The "patient zero," in this case, is supposedly a onetime defector who returned from South Korea this month to escape sexual assault charges.