When the complacent CEO gets hacked

By Terry Cutler

When the home phone rings at a time of morning when sleep has moved into deep R.E.M., and the text messages start appearing, it can only mean one thing to a CEO: there is a problem with the company security net. This could cost millions.

From best-case scenario to worst, you go over it in your head. Best case? The security team caught a small breach. It isn’t enough to be overly alarmed, but it does warrant a phone call. Worst? Your monitoring system has spotted what security is calling “highly” suspicious activity over the company network. They are addressing the problem.

When the phone is answered you are told it is the latter, and the situation is expected to get worse.

This could mean even bigger money problems. Think of Nasdaq, Sony and Citibank, whose hacks cost millions. Citibank’s hack attack (http://moneywatch.bnet.com/saving-money/blog/devil-details/citi-hack-attack-6-things-you-must-do-now/4769/) in June of 2011 exposed personal information about some 200,000 customers. Since 2005, some 533 million personal records have been exposed, according to the Privacy Clearing House (https://www.privacyrights.org/). Sony now reports that up to 70 million people had their personal data put in jeopardy by the 2011 hack of its PlayStation. Sony’s cleanup was estimated at 2 billion dollars.

In the meantime, the overnight customer service representative is reporting more than the usual complaints of unauthorized debits to their credit cards and banks, and your customer service department is overloaded with irate customers.

Your next move? Admit it: you’ve been hacked.

Three credit card companies are on hold. Enough, you say. You’ve known all along, and the drive to work is the longest of your life. The year 2011 has been called the year of the hack, or at least more companies are admitting their security has been breached. Time to minimize the damage. On the drive to the office, you order company representatives to post a notification letter on the website, explaining the situation and assuring customers that the company is working on the problem. Offer credit-rebuilding services, flag unauthorized use of credit cards, and offer free stuff.

As CEO, you are aware of the value of reassuring customers and keeping them as valued customers. It’s the company’s bread and butter. A company’s reputation is founded on how customers are treated, and including them in the problem through notifications will help maintain the established reputation. Your head security consultant meets you at the door. He informs you that the hack is not as bad as first thought. In fact, only a few files were lifted, but the network was breached, and the consultant reminds you that security is not a reactive game, but one with a proactive approach.

What he is saying is budget more money for security – it’s better that way. Or pay the price of a large-scale hack!

The decision is clear, or is it?

Next week: why companies don’t budget for an eventual hack

follow me on twitter @terrypcutler


Stop the Charade

The independent advisor shopping the market is a myth. I’m not saying there aren’t good advisors who do great work. Or that advisors are lying to consumers. But honestly, who really has enough time, knowledge or ability to check out every product possibility in the market, analyse it and make it fit every new client perfectly? This also takes incredibly deep client knowledge that takes time too. It’s a charade.

Who has all that time? Why are we pretending we do?

In fact, pretending we do has upped the regulatory ante in most jurisdictions. Because we say we are “holistic financial planners” liability litigators are holding us to it. That means that unless you can prove you do what you hold yourself out to be doing, you’ll be liable for a lot more than you bargained for.

This is why there are great financial planners who can give you a great plan based on tremendous knowledge of you and your situation but can only do a little shopping to find products to solve every issue. There are also great advisors who can shop a great deal of the market for many products but don’t have the time to do all the planning to place them all most effectively.

It’s just a charade to say that you can do it all. Most advisors have a few favourite companies and a few favourite products. That’s fair too. People understand.

We don’t have to overpromise and under deliver. It’s the worst sin of all in the business. It needs to stop. How about just saying what you really do, be proud of it and do it very well? You can. Consumers will buy it. They just have to know it.

Be honest with them. They’ll be fair with you.

Let’s try under promising and over delivering for a while. When you engage a new client in writing, keep client expectations under control so we don’t create a business that can’t be done. It’s getting that way already. It needs to stop.

I’m Jim Ruta and that’s just the way it is.

Companies guarantee our phones are secure? Really?

By Terry Cutler

Just how fast is technology moving? At lightning speed, say security specialists, and when it comes to online security it’s moving too fast. We cannot keep up. The example is our growing use of mobile devices. In today’s world of business the Smartphone is fast becoming the gateway to sales, customer communication and operations. These mobile devices also double as the tool for personal banking, social media and emails.

According to several reports (http://www.forbes.com/sites/ciocentral/2012/08/16/cios-must-address-the-growing-mobile-device-security-threat/), there are now 5.9 billion mobile-phone subscribers across the world. Returning to the Ponemon Institute study (http://www.ponemon.org/index.php) I referred to in my last blog, six out of every 10 cyber-security breaches can be linked to our mobile devices. Mobile device intrusions have increased by 155 percent. The speed at which mobile breaches are occurring, according to the study, has increased to 3,325 percent over a seven-month period in 2011.

How does one control how corporate Smartphones are used? Let’s start with knowing what applications are being installed and operated by the users.

But our phones are secure, right?

Why would such reputable companies develop and mass-market unsafe products? The product itself may be somewhat safe, but the apps and other device products that are for sale are out of the control of the main manufacturer.

The Android Market, BlackBerry App World and Apple, reputable as three leading business companies, all present themselves as safe, but outside products, or third-party products, may have malware that could wreak havoc on a Smartphone.

Consider that almost one third of the applications available from the Android Market or Apple App Store require access to the user’s location data, according to the App Genome Project (https://www.mylookout.com/appgenome/), which aims to help keep mobile phone users secure.

Briefly, the App Genome Project (AGP) is an ongoing project that has scanned nearly 300,000 free applications, and mapped out nearly 100,000 applications available in both Android Market and the App Store.

The list of apps available seems endless. The project reported that the number of apps available on the Android Market increased by a whopping 127 percent since August 2010, while the Apple App Store grew at a rate of 44 percent. It is interesting to note the numbers for one reason: if the growth rate continues at the same pace, the Android Market will have more apps than the Apple App Store by Christmas of 2012, the project estimates.

Next week: “Mr. CEO you’ve been hacked! Now What?”

What should every CEO know?

By Terry Cutler

Security was once equal to a magnetic swipe of a plastic card along with a friendly wave to the neatly dressed and overworked security guard. In some companies “loose lips sink ships” meant don’t talk business outside the office. In some cases, employee movement was tracked at every company door by tracking the employee’s magnetic card.

That was security.

These days, security means Internet and Smartphone security, and it is a whole new ball game with billions at risk. “Loose lips sink ships” now applies to employees’ social networking: not talking online with strangers, and recognizing a phishing attempt.

But what do employees understand about spyware, Trojans (other than what they read in the media), phishing attacks, spamming and hacking techniques? Company CEOs are dealing with this and are offering in-house training to raise the security awareness of their employees. The premise is that knowledgeable workers who have acquired security training will develop a vigorous defense against outside intrusions.

This is what today’s CEO needs to know. His threat to security, and also his weapon against a threat, are the employees.

These employees bring greater value to the workplace, and can be extraordinarily productive, efficient, and add value to the company by fostering a company that has little to no security breaches.

It isn’t that complicated, as some are led to believe. Do employees need to be certified ethical hackers? No, but employees can determine if an email is legit, or not, and recognize a phishing attack.

Yes, companies can even go further by providing high-level security training that could lead to security certification; the cost has to weigh against the number of employees leaving the company. High-level training can be a large expense, yet the return in security could reap rewards.

So there is no question that today’s business is based on, or moving towards, online operations, and in the last three years the drive to protect customer data has been gathering the same amount of speed. While CEOs have the entire security system to lose sleep over, employee training in security systems should not be overlooked.

Next week, the myth that companies can guarantee Smartphone security

Pay Now or Pay Later: protecting customer data has to be a priority

By Terry Cutler

It is understood in the world of business that moving forward without the Internet is an effective way to move backwards and fall behind the competition, who have already taken advantage of the Internet to market and sell their products and services.

It’s a logical move, one that seems easy enough. Create your site, reach out to your customer base and provide a way to pay online. It is fast and easy. It’s a bright light for decision makers who are making the leap in significant ways hoping to cash in.

Billions of dollars can be made.

There is a dark side, one that often surfaces when it is too late and one that is often overlooked. Welcome the unexpected, unscrupulous hacker to your business. This person isn’t after your product; he’s hunting for your customer information, such as credit card and banking information.

Billions of dollars can be lost.

And the hacker, often called a “black hat”, knows something you don’t. Your business is cheap, or at the least does not have the funds, when it comes to protecting customer data, and he knows more about your security and can worm and wiggle his way through your security system in ways you could never imagine.

Just how much of a threat is a hacker to a business?

The Ponemon Institute, considered the leading research center dedicated to privacy, data protection and information security, demonstrated in March of 2011 that the costs to businesses of being hacked in 2010 reached $214 per compromised record and averaged $7.2 million per data breach event. The costs included customer communication and legal costs, but the real cost is the loss of customer trust and the end of business.


In April of 2011, hackers exposed 93,000 Sony Corp. user accounts. The cleanup bill to Sony is estimated to be $2 billion. Sony is also fighting 55 class action lawsuits related to the April breach. Sony’s insurers, Zurich American, are refusing to cover those costs.


Sony apologized to its users and launched an identity theft protection program that includes a $1 million insurance policy per user (http://www.techspot.com/news/43675-sony-ceo-apologizes-for-hack-offers-free-id-theft-insurance.html). Is it too late?

So how do CEOs protect their companies? What every CEO should know, in my next blog.

J.D. Power and Associates Reports: The Big Banks in Canada

A Decrease in Satisfaction with Fees along with Declining Perceptions of Bank Reliability Contribute to a Decline in Customer Loyalty and Advocacy at Retail Banks in Canada

TD Canada Trust and ING Direct Canada Each Rank Highest in Customer Satisfaction with Retail Banks in Canada in their Respective Segments

TORONTO: 19 July 2012 — Overall customer satisfaction with the Big 5[1] and midsize banks in Canada has declined this year, due largely to a decline in fee satisfaction, according to the J.D. Power and Associates 2012 Canadian Retail Banking Customer Satisfaction Study℠ released today.

 The decline in satisfaction directly impacts loyalty and advocacy metrics, both of which have dropped year over year. The advocacy metric, or the percentage of customers who say they “definitely will” recommend their bank to family and friends, declines by five percentage points, while customer loyalty, or the percentage of customers who say they “definitely will” reuse their bank in the future, declines by four percentage points, compared with 2011. In addition to the impact of the decline in satisfaction, loyalty and advocacy rates have also been negatively affected by deterioration in customers’ perceptions of their bank’s brand image, which is most notably reflected in declines in perceptions of reliability and financial stability.

The primary cause of the decrease in fee satisfaction is an increase in the number of changes to fee structures, with 27 per cent of customers experiencing changes, compared with 17 per cent in 2011. As a result of fee structure changes, satisfaction with fees has declined by 25 points to 592 (on a 1,000-point scale) from 2011.

 “Not only are customers frustrated with changes to their fee structure, but many are also confused by the changes, leading to the lower satisfaction,” said Lubo Li, senior director of the financial services practice at J.D. Power and Associates. “Banks may try to offset the dissatisfaction with these changes by proactively communicating with their customers and ensuring that they fully understand what the changes are and why they are occurring.”

 The Shift to Digital Banking

Online usage has increased during the past three years to 86 per cent in 2012 from 80 per cent in 2010. Online usage now exceeds branch usage, which has fallen steadily during the past three years. In addition to increased online usage, mobile phone usage has also increased since 2010—doubling to 8 per cent.  

 “As digital banking has surpassed traditional branch-based banking as the channel of choice, it has become a primary differentiator among the brands. It’s a key differentiator for the highest performers in the Big 5 and midsize banks segment and a contributor as to why some midsize banks outperform the Big 5 Banks from an overall customer satisfaction standpoint,” said Li.

 With customers’ increased focus on digital banking, it is even more critical that banks’ websites satisfy customer needs; however, online satisfaction has declined by eight points in 2012, compared with 2011. Online satisfaction is down, due primarily to lower ratings for ease of navigating website and range of services performed online.

The study also finds that despite the shift to digital channels, branch locations continue to be an important driver of satisfaction. To address this, banks need to focus on ensuring tellers and representatives are not only courteous to customers, but also equipped to address all of their needs. In addition, simple touches and amenities—such as complimentary reading materials, beverages, or television—are a cost-effective way to lift satisfaction.

 Financial advisors, included for the first time in the 2012 study, may have a positive impact on satisfaction. Overall satisfaction is 824 when the advice provided by a financial advisor completely meets customers’ needs, compared with 735 when no advisor is assigned. However, overall satisfaction is 700 when a financial advisor provides advice that only partially meets their needs. Customer satisfaction declines even further to 585 when the advice does not meet their needs at all.

 “Offering assigned financial advisors is a risk, but one that pays off with highly satisfied customers if the advisor takes the time to fully understand and address the needs of customers,” said Li. “If the right personnel are not on staff, it may be better not assigning anyone.”

 According to Li, Canadian banking customers may improve their overall retail banking experience by considering some basic tips:

  • Stay engaged with your bank and keep informed of new products and services; consider utilizing the bank’s financial advisor.
  • Make sure you fully understand your bank’s fee structures.
  • Find out which discounts you may qualify for (e.g., student, senior, total holdings with the bank and minimum balance).
  • Educate yourself about the bank’s available online and mobile capabilities. Also be aware of any costs associated with using those services and whether the features meet your ongoing needs.

 The study, now in its seventh year, examines customer satisfaction with their primary financial institution in three segments: Big 5 Banks, midsize banks and credit unions. In all segments, customer satisfaction is measured across seven factors (listed in order of importance): account activities; account information; facilities; product offerings; fees; financial advisor; and problem resolution.

 TD Canada Trust ranks highest in overall customer satisfaction among Big 5 Banks for a seventh consecutive year, achieving a score of 769. TD Canada Trust performs well in all seven factors.

 Among midsize banks, ING Direct Canada ranks highest in overall customer satisfaction with a score of 834. ING Direct Canada performs particularly well in four of the seven factors: fees, account information, account activities and product offerings.

 The 2012 Canadian Retail Banking Customer Satisfaction Study is based on responses from nearly 12,000 customers who use a primary financial institution for personal banking. The study includes the largest financial institutions—banks and credit unions[2]—in Canada and was fielded in February and May 2012.


Customer Satisfaction Index Ranking: Big 5 Bank Segment
(Based on a 1,000-point scale)

Bank                         Index score   J.D. Power.com Power Circle Ratings For Consumers
TD Canada Trust              769           5
RBC Royal Bank               751           3
Big Five Segment Average     748           3
BMO Bank of Montreal         743           3
Scotiabank                   740           3
CIBC                         722           2


Customer Satisfaction Index Ranking: Midsize Bank Segment
(Based on a 1,000-point scale)

Bank                                     Index score   J.D. Power.com Power Circle Ratings For Consumers
ING Direct Canada                        834           5
President’s Choice Financial (PCF)       775           4
Manulife Bank                            764           3
National Bank of Canada                  760           3
Midsize Bank Average                     759           3
Laurentian Bank of Canada                728           2
ATB (formerly Alberta Treasury Branch)   715           2
HSBC Bank Canada                         689           2


Note: Alterna Bank is included in the study but not ranked due to small sample size.


Power Circle Ratings Legend:

5 – Among the best

4 – Better than most

3 – About average

2 – The rest


About J.D. Power and Associates

Headquartered in Westlake Village, Calif., J.D. Power and Associates is a global marketing information services company providing performance improvement, social media and customer satisfaction insights and solutions.  The company’s quality and satisfaction measurements are based on responses from millions of consumers annually. For more information on car reviews and ratings, car insurance, health insurance, cell phone ratings, and more, please visit JDPower.com. J.D. Power and Associates is a business unit of The McGraw-Hill Companies.


About The McGraw-Hill Companies

McGraw-Hill announced on September 12, 2011, its intention to separate into two public companies: McGraw-Hill Financial, a leading provider of content and analytics to global financial markets, and McGraw-Hill Education, a leading education company focused on digital learning and education services worldwide. McGraw-Hill Financial’s leading brands include Standard & Poor’s Ratings Services, S&P Capital IQ, S&P Indices, Platts energy information services and J.D. Power and Associates. With sales of $6.2 billion in 2011, the Corporation has approximately 23,000 employees across more than 280 offices in 40 countries. Additional information is available at http://www.mcgraw-hill.com/.


Media Relations Contacts:

Gal Wilder; Cohn & Wolfe; Toronto, Canada; (647) 259-3261; gal.wilder@cohnwolfe.ca

Beth Daniher; Cohn & Wolfe; Toronto, Canada; (647) 259-3279; beth.daniher@cohnwolfe.ca

John Tews; J.D. Power and Associates; Troy, Mich.; (248) 312-4119; media.relations@jdpa.com


No advertising or other promotional use can be made of the information in this release without the express prior written consent of J.D. Power and Associates. www.jdpower.com/corporate


[1] Big 5 Banks include BMO Bank of Montreal, CIBC, RBC Royal Bank, Scotiabank and TD Canada Trust.

[2] Rankings are not provided for credit unions, as they do not meet market share requirements for the study.