News broke on November 7 of an attack that took £2.5 million from 20,000 customer accounts at Tesco Bank, a British retail bank. As investigators search for the source of the attack, headlines have called attention to the attack’s business impact on the bank.
This incident shows why C-level executives have made cybersecurity a top priority in recent years. Security breaches have far-reaching effects, damaging public perception of the company and hurting the bottom line.
Loss of Customer Trust
The number of customers affected by the attack has been revised in the past week: only 9,000 accounts were involved in the attack. It’s good news that fewer customers were harmed, but any number of harmed customers is too many.
Even customers without fraud on their accounts were affected. After the attack was detected, all online transactions were suspended over the first weekend in November.
Banks are required to refund fraud victims, but interviews with the bank’s customers show that a sudden drop in account balance can be more than a minor inconvenience. Some customers took to social media to criticize Tesco Bank’s response to the incident.
Furthermore, Tesco Bank has been attempting to increase its market share and lure customers away from competitors. It’s too early to know what impact the attack will have on the bank’s growth, but no reasonable person (or investor) can believe a cyber attack will help.
In the week after the attack first made headlines, data shows customer perception of Tesco Bank has dropped dramatically.
Fines, Refunds, and Breach Investigations
Tesco Bank will refund the money that was stolen from customers. While £2.5 million is a large amount, that alone isn’t likely to cripple such a large company.
But government fines and penalties are also a possibility if “failures in Tesco Bank’s systems and controls contributed to the incident.”
Because the investigation is still underway, no one can definitively say whether Tesco Bank could have prevented the attack or detected it earlier. Regardless of the results, the investigation itself will be time-consuming and costly.
Tesco Bank has assured customers that their personal data was not compromised during the attack.
Most high-profile security breaches do involve customer data, which can then be sold on the black market and used for identity theft.
It’s unclear whether this fact will resonate with customers, investors, or the general public in a way that reduces the business impact of the attack.
Lessons from the Breach
As investigators work to determine how this attack was perpetrated and who was behind it, businesses around the world can take steps to mitigate the risk of becoming a victim. This means following cybersecurity best practices, which start with assessing the vulnerabilities on your system.
For organizations running IBM i, a Risk Assessment will provide a thorough examination of your security posture. If you’re not ready for that, our Security Scan is a free, no-commitment look at key IBM i security metrics.