Business Impact Of COSMOS Bank Breach – FireCompass

Recently, you might have heard in news about COSMOS Bank Breach, a 112-year old cooperative bank in India and the second largest in the country being hacked and crores were siphoned off. COSMOS Bank has faced monetary  losses because of recently happened COSMOS Bank hack. And also they might have to face non-monetary losses like any other financial organisation post breach. In this blog, we have analysed the business impact of COSMOS Bank breach. Monetary losses might include:

• Direct loss of money siphoned off because of breach
• Losses because of no banking operations post breach as precautionary measure
• Investigation Cost for the breach bank has to bear
• Many operational overheads because of breach like marketing & PR cost, cost of repairing the compromised infrastructure, etc

Non-Monetary losses might include:

• Reputation and brand value loss
• Customer Churn & Loss Of Customer Loyalty

Potential Business Impacts:

Monetary Impacts:

1- Direct Monetary Loss:

In the first attack on August 11, using stolen card details, approximately Rs 78 crore was withdrawn in transactions in 28 countries. This included around 12,000 Visa card transactions. On the same day, approximately, Rs 2.5 crore was withdrawn through 2,800 debit card transactions in India at various locations. On August 13, the hackers transferred Rs 13.94 crore into an account in the Hang Seng Bank in Hong Kong by initiating a SWIFT transaction. In two days, there was a total monetary loss of 94+ crore rupees which was faced by COSMOS bank from this breach. (Source: economictimes.indiatimes.com/articleshow/65399477.cms)

2- Cost Of NO Service/Business Closure:

Once COSMOS Bank has come to know about the breach, as a precautionary measure Bank has shutdown all it’s servers and net banking facilities.  Clients were not able to access the ATM and net banking services. This has caused loss of business because of no operations. (Source:https://www.firstpost.com/business/pune-based-cosmos-banks-server-hacked-rs-94-cr-siphoned-off-in-two-days-4963271.html) As per Ponemon Cost of Data Breach Study, the cost to a financial institution facing a cyberattack specifically targeting their online banking services costs an average of $1.8 million. It can give you an idea of losses to COSMOS Bank because of business closure. (Source: IBM. (2017). 2017 Ponemon Cost of Data Breach Study. Retrieved fromhttps://www.ibm.com/security/databreach)

3- Investigation Cost:

Post hack, COSMOS Bank has to bear investigation and legal cost for the hack. Bank has also appointed a professional forensic agency to investigate the fraud, Cosmos Bank chairman Milind Kale said . “A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach,” the official said. A case has been registered under section 43, 65, 66(C) and 66 (D) of the Information Technology Act and relevant sections of Indian Penal Code. causing a legal cost to Bank. (Source:https://www.firstpost.com/business/pune-based-cosmos-banks-server-hacked-rs-94-cr-siphoned-off-in-two-days-4963271.html) (Source:https://mumbaimirror.indiatimes.com/mumbai/crime/cosmos-banks-server-hacked-rs-94-cr-siphoned-off-in-2-days/articleshow/65408365.cms )

4- Operation Overhead Cost :

There are going to be many operational overheads for COSMOS Bank. Some of them which are as following:

• Cost to Replace the Cloned Cards: Bank has to replace the cards of users whose cards were cloned for the attack
• Marketing and PR Cost: There might be a significant marketing and PR cost for the Bank to communicate the clients, partners, media, board members, and stakeholders.
• Repair and Rebuilding Cost: Bank has to patch the systems compromised and take necessary security measures to avoid these kind of incidents for future. This might cost quite for the bank, as first they have to scan through their infrastructure for unsecure or weakly secured systems or Shadow IT.
• Employee Overhead Cost: Bank has to pay its employees even if they were not working for the days when bank has shutdown all it’s servers and net banking facilities.
• Regulatory/Legal Overhead Cost: Bank has to inform RBI, and take necessary post breach actions.

Non-Monetary Impacts:

1- Reputation / Brand Value Loss:

The financial impact of a loss of brand reputation and trust after a cybersecurity incident can be significant for Bank. Because of the breach, Bank has irreparable damage to its reputation. In this connected world, the COSMOS Bank breach news spread very fast, And Bank has been branded as breached Indian Bank internationally. It will impact their future operations either with their clients or partners, or stakeholders. They will face difficulty in acquiring new customers, as people are scared of keeping their money in a breached bank who has lost crores. (Source: IBM. (2017). 2017 Ponemon Cost of Data Breach Study. Retrieved fromhttps://www.ibm.com/security/databreach)

2- Customer Churn & Loss Of Customer Loyalty:

Trust is key when it comes to customer loyalty. Being a fraud victim obviously affects a customers’ perception around their banks security measure, which in  turns affects the existing customers of a Bank, and increase the churn rate. A report by the Ponemon Institute and IBM reported customer churn caused by this loss was a leading contributor to the growth in the increased indirect cost of a data breach. In fact, companies that experienced less than 1 percent churn or the loss of existing customers, had an average total cost of data breach of $5.3 million, and those that experienced churn greater than 4 percent had an average total cost of data breach of $10.1 million (Source: IBM. (2017). 2017 Ponemon Cost of Data Breach Study. Retrieved fromhttps://www.ibm.com/security/databreach) If you feel we have missed some other costs to COSMOS Bank because of breach (Direct or Indirect), Please comment them below in comment section.