My recent articles on security here at TalkMarkets have been designed to warn investors about the growing cyber security threat. I continue to illuminate the issue because I know the potential for not doing so can lead to a lot of market pain for companies and individuals alike. So we press on with the latest high profile security breach .. 

Sony's (SNE) latest security breach, which exposed over 25 Gbs of data, employee health and personal records, external vendor accounts, internal core infrastructure management login accounts, salary data, employee social security numbers, and PwC financial audit record data. In addition, the attack included malware designed to wipe system hard drives all the way down to the master boot record, prompting expensive hardware replacements and untold costs in lost data. The hackers published the private data on torrents which are publicly available, which is very damaging to Sony in their efforts to mitigate the attack with their business continuity process. 

The main elements to pay attention to here are costs. Sony will have an immediate financial impact from sales losses, such as those experienced at Target (TGT) after their point of sales (POS) systems breach. Total costs to Target are estimated on the low end at $1 billion. In addition, security breaches tend to lower stock value significantly and scare investor dollars away for a significant period of time. Target stock had fallen 46% 90 days after the breach of their POS systems. Investors in Sony should be careful on their investment targets in the next 180 days at least, with an somewhat lesser window of caution set for 365 days depending on how Sony management addresses public concerns about the company's internal security practices. This is the key to predicting future Sony break-ins. 

The reason Sony's latest hack was not surprising was because 1) they have been hacked before and 2) numerous industry studies show companies don't adequately respond until multiple attacks have taken place. In addition, most company leadership don't have a Chief Information Security Officer (CISO) that is responsible for planning and responding to security threats across the company on a daily basis.