Coverage of last week’s Twitter hack has now shifted towards longstanding security concerns, including internal controls and employee access issues. The company is now under scrutiny from several directions, including the FTC, Congress and the FBI.
Those looking at the Cyberhedge ratings on Twitter would not have been surprised by last week’s breach. The company’s cyber governance performance relative to other technology peers has been on a steady downward slide over the past two years and had a below average 2-Star rating from January this year, six months prior to the breach.
1 and 2-Star rated companies across all sectors are at greater risk of being breached and experiencing negative financial impacts resulting from poorly managed technology, including weaker cyber posture.
Coverage of the breach has now shifted to discussions over apparently longstanding security concerns about Twitter’s internal controls. Experts such as ex-Deputy Director of National Intelligence Sue Gordon have called insider threats ‘preventable’ in the wake of the breach and referenced other similar incidents where cybercriminals exploited weaknesses in the ‘people and process’ of companies. There is now an appropriate focus on the human dimension of Twitter’s cybersecurity. Issues relating to this dimension underpin any company’s cyber governance performance. This is because it relates to the human management of technology. Twitter’s 2-Star sector rating includes persistently below average performance relative to its technology peers in this very area. Deputy Director Gordon rightly called attention to the need for greater training for any employees with administrative level access and the implementation of the requisite controls. This can reduce the probability of such a person being able to knowingly or unknowingly help execute a breach like the one Twitter experienced.
Cyberhedge detected obvious and persistent weakness in this facet of Twitter’s cybersecurity over the past two years so not only was the breach not a surprise, but the potential cause of the breach was equally unsurprising.
These issues are not quickly resolvable, particularly for a company that has struggled in this area for several years. It is also one of the more costly and time intensive aspects of a company cyber program to rectify. As a result, we do not expect a swift reversal in the company’s below average rating relative to its technology peers.
Some market observers questioning ‘whether cybersecurity really matters’ will point to the fact that Twitter’s share price has continued to climb upwards in the wake of the incident. But the Cyberhedge Indices clearly show that cyber governance impacts shareholder value over time. These indices have outperformed the overall market three years in a row, and in 2020 they are beating the US and EU markets by 19% and 41% respectively.