It hit the news today that the LinkedIn (NASDAQ: LNKD) data breach cost between $500K and $1M and that the company will be spending $2M-3M in the current quarter to enhance their security measures. In the larger picture this is a minor bump in the road. Revenue forecasts have been raised and on 8/2 they announced that top line growth came in at +89% at $228.2 million, beating analyst estimates of around $215 million. Bottom line income came in at $2.81 million down from 4.51 million in the prior year. The projected charge for security enhancements may affect next quarter’s earnings, but that doesn’t appear to be bothering anyone.
As we discussed earlier, in Security & Privacy Are Dead And Nobody Cares, investors do not care about minor security breaches. Sony and EMC suffered only in the short term. Blowing up an oil rig in the Gulf of Mexico seems to harm reputation more than having your corporate or customer secrets stolen. Revenue is what Wall Street and private equity are looking for. If the buying public doesn’t care, neither will The Street. With the economy in the state it is, and the move away from traditional job boards such as Monster World Wide, Inc (NYSE:MWW), LinkedIn will surely drive traffic, ad revenue, and premium subscriptions no matter what data they lose. We should consider the actual impact of the LinkedIn breach. Rather than running around screaming they were breached, what was breached should be considered. In this case passwords to users resumes were disclosed. Sure, someone could log in as that user and attempt to establish connections with other people for social engineering, etc. But from the user’s perspective the worst that could happen is someone could make their resume false, or simply delete it, which would mean they need to update their resume again. So in a way the hackers might have been helpful on some level, depending on who you are in the mix of all this. Yes, that is an oversimplification for the sake of drama, but ask most users and you will find LinkedIn is not a big deal to them, in many respects.
Much to the chagrin of security professionals LinkedIn experienced an uptick in their stock price the day the breach was announced. Why did this happen? People were logging in to change their passwords and were being exposed to advertising which increased revenue. The bankers felt that the stock was a buy on that news. No SecurID seeds were stolen, and no cute dolphins were drowning in oil, which means it’s a buy. After a nice earnings announcement LinkedIn is on its way back up and has broken out of the trading range it was in. There’s almost an 80% chance it will touch 115 which is a nice move from 92.50 prior to earnings. This isn’t the price action in a company that is going out of business because some passwords were leaked or because they’re spending a lot to improve their security.
What is worse than an Infosec breach?
In the scheme of things Infosec breaches are low impact events. Most companies recover in a few weeks. Quality problems can cost you even more. How does a software glitch that loses $450 million and reduces stock value by 80% sound compared to LinkedIn’s problems? There are larger things that can happen besides an Infosec breach that executives are worried about. Consumers are also worried about things other than security breaches. This is one reason why Infosec breaches have lower impact to a stock price than manufacturing or software errors, or accidentally serving up blackened crawfish in oil to gulf coast residents. Wall Street knows that a little bit of credit monitoring, and banks eating 100% of credit card and account fraud means that consumers will not change their behavior because someone else is paying for their choices. In economics we call this moral hazard, but that’s a topic for another time.