You may recently have heard in the news about the COSMOS Bank breach: a 112-year-old cooperative bank in India, the second largest in the country, was hacked and crores were siphoned off. COSMOS Bank has faced monetary losses because of the hack and, like any other financial organisation after a breach, it may also face non-monetary losses. In this blog, we analyse the business impact of the COSMOS Bank breach.

As per the Ponemon Cost of Data Breach Study, a cyberattack specifically targeting a financial institution's online banking services costs that institution an average of $1.8 million. This gives an idea of the losses to COSMOS Bank because of business closure. (Source: IBM. (2017). 2017 Ponemon Cost of Data Breach Study. Retrieved from https://www.ibm.com/security/databreach)

Monetary losses might include:
- Direct loss of the money siphoned off in the breach
- Losses from suspending banking operations after the breach as a precautionary measure
- Investigation cost for the breach, which the bank has to bear
- Many operational overheads because of the breach, such as marketing and PR cost, the cost of repairing the compromised infrastructure, etc.
- Reputation and brand value loss
- Customer Churn & Loss Of Customer Loyalty
Potential Business Impacts:
1- Direct Monetary Loss: In the first attack on August 11, using stolen card details, approximately Rs 78 crore was withdrawn in transactions in 28 countries. This included around 12,000 Visa card transactions. On the same day, approximately Rs 2.5 crore was withdrawn through 2,800 debit card transactions at various locations in India. On August 13, the hackers transferred Rs 13.94 crore into an account at the Hang Seng Bank in Hong Kong by initiating a SWIFT transaction. In two days, COSMOS Bank faced a total monetary loss of 94+ crore rupees from this breach. (Source: economictimes.indiatimes.com/articleshow/65399477.cms)
2- Cost Of No Service/Business Closure: Once COSMOS Bank came to know about the breach, it shut down all its servers and net banking facilities as a precautionary measure. Clients were not able to access ATM and net banking services. This caused a loss of business because there were no operations. (Source: https://www.firstpost.com/business/pune-based-cosmos-banks-server-hacked-rs-94-cr-siphoned-off-in-two-days-4963271.html)
3- Investigation Cost: After the hack, COSMOS Bank has to bear the investigation and legal costs. The bank has also appointed a professional forensic agency to investigate the fraud, Cosmos Bank chairman Milind Kale said. “A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach,” the official said. A case has been registered under sections 43, 65, 66(C) and 66(D) of the Information Technology Act and relevant sections of the Indian Penal Code, causing a legal cost to the bank. (Source: https://www.firstpost.com/business/pune-based-cosmos-banks-server-hacked-rs-94-cr-siphoned-off-in-two-days-4963271.html) (Source: https://mumbaimirror.indiatimes.com/mumbai/crime/cosmos-banks-server-hacked-rs-94-cr-siphoned-off-in-2-days/articleshow/65408365.cms)
4- Operation Overhead Cost: There are going to be many operational overheads for COSMOS Bank. Some of them are as follows:
- Cost to Replace the Cloned Cards: The bank has to replace the cards of users whose cards were cloned for the attack.
- Marketing and PR Cost: There might be a significant marketing and PR cost for the bank to communicate with clients, partners, media, board members, and stakeholders.
- Repair and Rebuilding Cost: The bank has to patch the compromised systems and take the necessary security measures to avoid this kind of incident in the future. This might cost the bank quite a lot, as it first has to scan through its infrastructure for unsecured or weakly secured systems or Shadow IT.
- Employee Overhead Cost: The bank has to pay its employees even though they were not working on the days when it had shut down all its servers and net banking facilities.
- Regulatory/Legal Overhead Cost: The bank has to inform the RBI and take the necessary post-breach actions.