Federal Reserve Monetary Policy Reduces Cybercrime

The Federal Reserve performs many services to the consumers and businesses of the country. One of these services is to establish monetary policy. In recent years the Federal Reserve has established multiple layers of Quantitative Easing (QE) and Zero Interest Rate Policy (ZIRP). The Federal Reserve has many reasons for maintaining ZIRP.

The effect of current monetary policy is the incentives and benefits it creates. One of the goals of monetary policy is to stimulate the economy. With interest rates at near zero percent the incentive is not to save, but to spend. Some believe that the Federal Reserve is penalizing retirees or those saving for retirement by incentivizing young people to buy houses, cars, and other discretionary goods. In order to get a decent return on investment those close to retirement are forced out of relatively safe treasuries. Many are invested in high yield dividend stocks or are maintaining a capital allocation in growth stocks that is higher than recommended for the age group. The long term effect on the economy is a topic of debate as is the effect on senior citizens and the behavior of young consumers.rnrn rnrnThe debt vs. savings aspect is interesting in that high leverage is being encouraged because interest rates are so low. Consumers can now afford a bigger car and a bigger house because of interest rates. Why not get a little more house than you need because you can flip it in 10 or 20 years for a lot more? Need new furniture and appliances to go with the house? How about 0% interest for 36 months? The effect of this is less income for saving, but when you”re only getting 2% on a 10 year treasury why bother saving?

The effect of more spending rather than saving changes incentives for financial crime. Everyone loves to hit a home run. As the US economy was coming out of the recession many companies such as Amazon were beating earnings by a huge amount. Call options trading at .50 prior to earnings popped up to $13 the day after. If you were in the right place at the right time that was a home run. This is why people love the derivatives market. Home runs are also popular with salespeople. Why chase a $500k deal when you can close a $10M software deal? It is more likely to hit singles than home runs, but everyone loves the long shot, even though slow and steady wins the race.rnrn rnrnCybercriminals also want to close big deals. A savings account with $100k is worth more in terms of time and hassle than picking off many people who only have a few hundred in their account. This will have a profound effect on the face of financial crime. Consider a millennial worker who is highly leveraged. On pay day one could look at their checking account pending transactions and see a direct deposit for X and a set of ACH transactions the same day for 90%+ of their pay going to mortgage, car, credit cards, etc. Contrast this to a baby boomer who is afraid of the stock market and is holding cash in a savings account to maintain liquidity. Who is going to be the windfall profit for the cybercriminals? The millennial is going to have very little cash on hand and would be a target of convenience if  the criminals already have access to the bank account.  The boomer has more to lose, but also consider that this demographic is more prone lose money to charity phone scammers than hackers. One way of keeping others from stealing or sweet talking you out of your money is to spend it within seconds of it arriving.  Because there will be little in the way of cash available the only viable target will be credit cards where consumers have zero financial risk from fraudulent or criminal activity. This approach pushes risk away from the consumer public and back on the banks that are issuing credit cards. Mission accomplished.

A strategic goal of information security is to reduce the incentive to commit cybercrime. Federal Reserve monetary policy has accomplished consumer protection via ZIRP, leading to a change in consumer behavior, leading to a near zero risk of cybercrime against consumer bank accounts by decreasing incentive for targeting cash. Millions of dollars in spending on boxes in data centers have not stopped cybercrime, but have contributed greatly to climate change.  The Federal Reserve may have solved a large segment of consumer cybercrime problem that the Information Security Industrial Complex has yet to scratch.

Does Value Drop After A Data Breach

The June issue of Compliance and Ethics Professional has a brief but interesting article by Sally March titled Are you confident it’s confidential? One of the references in the article cites the Ponemon Institute report “Reputation Impact of a Data Breach”. This is an older report from 2011, but we can examine the findings and determine the accuracy of the claims.

The study surveyed 843 senior-level individuals with deep expertise and knowledge about their organization’s brand and reputation management objectives.

We asked individuals participating in our study to estimate the economic value of their organizations’ corporate brand or reputation. The responses ranged from a value of less than $1 million to more than $10 billion. Using an extrapolation method we determined the average value of reputation or brand image for the organizations participating in the study – which is estimated as $1.56 billion. Depending upon the type of information lost as a result of the breach, the average loss in the value of the brand ranged from $184 million to more than $332 million

The results are extrapolated which means they are estimated, but that will allow us to see if the persons surveyed were correct in their assumptions. Table 1. Calculus on the economic impact of reputation decline from data breach states that Diminished value resulting from a data breach of customer data is 21% while Diminished value resulting from a data breach of employee data is 12% while Diminished value resulting from a data breach of IP data is 18%.

Based on what we know in our previous studies of company valuation after a data breach these numbers do not sound correct which would mean that the impact is being overestimated. For our purposes we will look at equity performance since the data breach of several high profile companies with high profile data breaches. The change in consumer sentiment will be felt on the Income Statement which will be reflected through the stock price. We believe this is a more realistic way to determine economic impact as US markets are liquid and efficient.

Below are selected stock charts from TGT, HD, and SNE starting from the time their data breaches were reported in the news to the present day. We will also examine LL which experienced a dangerous consumer products scandal, broke by Case Capital Management that was aired on 60 Minutes to compare real world consumer harm vs. virtual consumer harm with regard to company performance.

clip_image002

clip_image004

clip_image006

clip_image008

We can distill the information provided by the stock charts down to the equity that was affected by the event, the stock price on the day of the event, the current stock price, and the change in value. As we can see the companies suffering from a consumer data breach experienced an average increase in value of 24%. While the company that experienced a real world hazard has decreased by 79%.

Equity Day Of Event Current Day Change
TGT 63.76 78.03 22%
HD 91.15 117.5 29%
SNE 21.63 25.87 20%
LL 69.99 14.90 79%

Conclusion: The estimates in the Ponemon report of a 21% decrease in economic value. We do not see this reflected in equity prices as valuations have increased since the event. We believe that the economic impact of consumer data breaches is overstated as consumer sentiment has not shifted to a degree that has an effect on earnings. It is likely that the personnel surveyed had overestimated the impact due to marketing material produced by the Information Security Industrial Complex. The impact to many corporations have been mitigated by Cyber Insurance (TGT, HD) or by CapEx and other cost reduction measures brought on by Shareholder Activists (SNE). Shareholder Activists and executives should reevaluate spending priorities in light of the current trends in equity performance after a data breach event.