A Case Study in Cyber Governance: Pitney Bowes by Ryan Dodd

Pitney Bowes has been in the business of postage scales and mailing equipment/services for nearly 100 years – not exactly a tech-heavy industry. But in the last five years, the company has implemented a digital transformation strategy critical to its financial survival, expanding into global e-commerce, software, and other technologies.

Replacing old economy inefficiencies with digital technologies has pleased shareholders with growth and cost savings. However, while management successfully invested to drive growth, not much of the budget was left behind to protect that digital investment. Pitney Bowes made the choice many corporations make with digital transformation: when looking where to allocate budgets, growth always wins over protection (i.e., spending on cybersecurity and improved cyber governance is lacking).

Fast-forward to this year. The company fell victim to not one, but two cyber attacks, the most recent being a ransomware attack. Beyond the impact to customers, the first of the incidents had a material financial impact: the company missed earnings estimates, sending the share price lower. But the second incident, the ransomware attack, arguably presented the greatest potential for loss because it disrupted the reliability of Pitney Bowes’ operations, a critical factor impacting brand value and future revenues when its 100-year business model is still ensuring “reliable, on-time delivery.”

Even though Pitney Bowes reaped short-term benefits from its digital transformation, its lack of emphasis on necessary spending and quality controls on cyber governance factors into its 2-star (i.e., below average) Cyberhedge Cyber Governance Rating. Cyberhedge created the financial performance metric of a cyber governance rating as a way to compare how companies manage their technology investments and network security relative to peers. Pitney Bowes’ ability to manage the downside risks of its digital transformation is the company’s key risk going forward. As with any important risk measure, without an objective financial measurement of cyber governance transparency, shareholders cannot gain a picture of how well or how poorly these risks are being managed.

As it implemented its wide-sweeping digital transformation strategy, Pitney Bowes had three priorities to consider – top-line growth, cost savings, and cybersecurity – but it only chose to prioritize two, leaving vulnerable its newly expanded threat surface. Company leadership only realized the impact of this error after having to announce two incidents, which reflect poorly on the brand and its technology management. This is why it’s critical for C-suites and Boards to have improved risk tools and metrics for the “age of digital transformation” to show that they are allocating capital in the best way.

Verodin allows companies to monitor and measure the effectiveness of their security infrastructure in order to identify potential security issues, and take remedial steps to fix those issues – before a breach takes place. This enables them to optimize cybersecurity performance and ensure critical assets are protected. Cyberhedge allows companies to successfully allocate money to resolve those issues – again, before a breach takes place. When C-suites and Boards have visibility into these areas, they can make better investment decisions, prioritizing cybersecurity alongside sales and revenue growth, in order to avoid the significant financial losses that come when digital transformation is not adequately protected.


*** This is a Security Bloggers Network syndicated blog from Verodin Blog authored by Verodin Blog.