JD Wetherspoon (LSE: JDW) has today announced that it is the latest company to fall victim to hacking, with customer data having been accessed illegally by a third party. The information was obtained from its old website, with the company having replaced the website in its entirety and instructed a cyber security specialist to conduct a full forensic investigation into the breach.
Wetherspoon has stated that for 100 customers who purchased its vouchers prior to August 2014, limited credit/debit card details were accessed but, since this included only the last four digits of the card number, such information cannot be used on its own for fraudulent activity.
The news is clearly distressing for the company’s customers and staff (who are also included in the data breach) and thrusts hacking into the spotlight once more. In fact, it was only recently that Talktalk (LSE: TALK) was itself a victim of a data breach which saw data for around 157,000 customers illegally accessed. The hacking incident is estimated to have cost Talktalk up to £35m but, realistically, the cost could prove to be even greater since it has the potential to cause existing customers to switch to rival firms and also for potential customers to look elsewhere.
Although Wetherspoon’s share price is currently down by less than 1% following the news, Talktalk’s share price fall over a number of days and weeks shows that a hacking incident can lead to a prolonged decline in a company’s investment performance. In fact, Talktalk’s valuation has slumped by 42% in the last six months. This shows that hacking is a real threat to investors at the present time and, looking ahead, it is likely to remain so as the digitisation of commerce continues.
Clearly, there are a number of other significant risks facing investors, with the list including internal challenges such as the loss of key customers, poor strategy and logistical challenges. Furthermore, external issues can also hurt the financial performance of any company, with changing customer tastes, a declining economic outlook and pricing issues being real threats to profitability. Clearly, with incidents of hacking starting to become more prevalent, that risk needs to be added to the list and taken into account when making investment decisions.
Ultimately, though, it is impossible for any investor to determine whether a company will be hacked or not. This makes the idea of diversification even more appealing, since it means that company-specific risk (which includes the risk of hacking) is reduced so that, for example, a 50% decline in a company’s share price resulting from hacking will hurt a diversified investor a lot less than one who has more concentrated positions in fewer holdings.
As such, and while there seems to be no means to totally avoid the risk of hacking, buying a range of high quality businesses at fair prices seems to be the most obvious long term solution.
