Shostack + Friends Blog Archive


Visualization for Gunnar's "Heartland Revisited"

You may have heard me say in the past that one of the more interesting aspects of security breaches, for me at least, is the concept of reputation damage.  Maybe that’s because I heard so many sales tactics tied to defacement in the 90’s, maybe because it’s so hard to actually quantify brand equity and impact to brand equity from a data breach.

Either way, Gunnar’s post on “Heartland Revisited” is great analysis.  I’d like to point you there, and add two things.  First, its my personal pet hypothesis that “reputation” only really matters in B2B cases where there are individuals who are responsible for choosing the breached vendor.  Nobody wants to be the guy that “hired those screwups”, and if you are, you pretty  much automatically have to consider firing them.

Second, I thought I’d add a bit of a visualization, tracking the stock prices from just before the incident until now. By clicking on the image below to see the full graph, you’ll see that Heartland had been a leader among those four (at least using this particular metric), dropped significantly with the data breach and, as per Gunnar’s analysis, is now still trying to recover (be that from the breach or other factors or what have you – not making any inference there).

Again, I’m not trying to draw any conclusions from this, saying “See!  Reputation matters!” or even claiming that Heartland is an exception to Betsy Nichols excellent work, but I do think this is interesting, even if just as a casual observation.