
Literally the first company I pulled up, Capital One, has this in the 2020 10-K:

> During the year ended December 31, 2020, we incurred $66 million of incremental expenses related to the remediation of and response to the Cybersecurity Incident, offset by $39 million of insurance recoveries. To date, we have incurred $138 million of incremental expenses, offset by $73 million of insurance recoveries pursuant to the cyber risk insurance coverage we carry. These expenses mainly consist of customer notifications, credit monitoring, technology costs, and professional and legal support.

Go look at Equifax's 2018 10-K and it has pages upon pages talking about the impact, including:

> During the year ended December 31, 2018, the Company recorded $401.2 million of pre-tax expenses related to the 2017 cybersecurity incident and insurance recoveries of $75.0 million for net expenses of $326.2 million. Costs related to the 2017 cybersecurity incident are defined as incremental costs to transform our information technology infrastructure and data security; legal fees and professional services costs to investigate the 2017 cybersecurity incident and respond to legal, government and regulatory claims; as well as costs to provide the free product and related support to the consumer.

For Equifax, there is also an additional $112 million (net, after insurance recovery) in breach-related expenditures in the 2017 10-K.




I'm not sure which number to use, but Capital One had either 2.4 or 5 billion in income... .066 billion on cybersecurity remediation isn't an existential threat.


Aren't they just fixing leaks in the ship that should have been addressed years ago? If these are expenses on their infrastructure, that's not really losses, it's an investment.

Losses would be their customers abandoning them in droves, or having to pay out massive fines.


If I am being frank, based on anecdotes I have heard, Equifax had their heads so far up their asses that they basically had to rebuild their entire infrastructure because it was an unmitigated disaster.

This was a conscious business decision to not make the necessary changes to address their infrastructure.



