ABSI - An Examination of the recent Latitude Financial Breach

Every Tuesday afternoon we publish a collection of topics and give our expert opinion about the Equity Markets.

As-Barclay-Sees-It-Barclay-Pearce-Capital-News-Email-1

The run of high-profile Australian cybersecurity breaches continues with the ASX-listed Latitude Financial (ASX:LFS) recently announcing a data breach that could make it one of the biggest in Australian history and put it in the firing line for a A$50m fine. ABSI this week takes a look at the breach and the string of recent cybersecurity breaches affecting the data of millions of Australians. 

Last week Latitude Finance disclosed to the market that they had experienced a cybersecurity attack that had stolen the data of ~330k customers. However, with further investigation, it was disclosed yesterday that the number had ballooned by 42 times to include 7.9 million driver's licenses, 53k passport numbers, 100 financial statements, and 6.1 million records which include names, addresses, date of birth, and telephone numbers. 

The Latitude breach is just another example in a string of recent data breaches on Australian shores. According to data from Webber Insurance, there were 73 data breaches in Australia in 2022 with the highest profile being the Medibank Private breach that exposed the health records of 9.3 million Australians. For the record, the largest Australian data breach was from Canva in 2019 which exposed the login details of 140 million of the website's users.

Image 1 - absi - 28th of March

Source: McKinsey

Naturally, as we continually progress to a more digital world, the opportunities for cyber hacks will grow but given the intangible nature of cybersecurity, companies continue to underinvest in their cybersecurity. A McKinsey report claims that US$150 billion was spent globally on cybersecurity in 2021 and that figure is growing 12.4% annually. 

This is a lot of money but is it enough to protect the data and integrity of global commerce?

According to a study by the Identity Theft Resource Center, the average cost per record of a data breach that leads to identity theft was US$150 in 2020. This cost includes expenses related to credit monitoring, identity restoration, legal fees, and lost productivity. Using this figure as a benchmark, and coupling it with data from IT Governance which calculates 5.1 billion records were compromised in 2021, the annual cost of identity theft resulting from data breaches can quickly add up. The same McKinsey report predicts cyberattacks will produce ~US$10.5 trillion by 2025.


Image 2 - absi - 28th of March

 

Source: IT Governance

Turning specifically to financial institutions that face a higher risk of cyber threats due to the sensitive data they handle and the potential impact of a breach. According to a study by Deloitte, financial institutions worldwide spent an average of 0.13% of their annual revenue on cybersecurity in 2020. This figure represents a slight increase from the 0.12% spent in 2019, indicating that financial institutions are investing more in cybersecurity as threats continue to grow but not enough. 

Image 3 - absi - 28th of March

Source: Deloitte

Unfortunately allocating more money to the issue might not solve the problem. There is a severe deficit in qualified personnel making it extremely challenging for organisations to recruit and retain the skills needed to address their cybersecurity risks effectively. As a result, there are many companies looking to address the talent gap such as With You With Me, an Australian company that evolved from targeting retraining military veterans for cybersecurity roles to now targeting broader individuals for training in this vital skill set. 

Lawmakers can also play their part in incentivising companies to enact better data security practices.  In response to the Optus and Medibank breaches in 2022, Attorney-General Mark Dreyfus introduced legislation to increase maximum fines from $2.2m to $50m, or three times the value of any benefit from data misuse, or 30% of a company’s adjusted turnover; depending on which is the greatest. 

For Latitude that would be a bitter pill to swallow for a firm that made A$36.3m in NPAT in 2022.


We offer value-rich content to our BPC community of subscribers. If you're interested in the stock market, you will enjoy our exclusive mailing lists focused on all aspects of the market.

To receive our exclusive E-Newsletter, subscribe to 'As Barclay Sees It' now.