What Value Trust?
A business cannot survive without the trust of its stakeholders (shareholders, customers, employees, suppliers, distributors).
Indeed, there are many credible reports evidencing a direct link between trust and superior financial and operational performance.
For example, a May 2022 study by PwC indicated that:
??????91% of customers said they would buy from a company that gained their trust - 14% say they would buy significantly more.
??????88% of customers would recommend the company to others if a company did something to gain their trust.
Furthermore, a World Economic Forum report (11 August 2022) indicated that ‘Trusted companies have beaten the market by 5% in times of growth and 11% in times of crisis. They have received twice the positive media coverage and half the regulatory scrutiny. They enjoy significantly higher rates of customer and employee loyalty, public engagement and shareholder support.’
This raises an interesting question.
If an environment of high trust is positively correlated to better performance, then surely trust has a value.
The valuation of intangible assets, like trust, has proven elusive to date, so for the time being maybe this problem is best approached by examining the loss of value experienced by companies if trust deteriorates. The same PwC study cited above reveals that:
??????71% of consumers said they’re unlikely to buy if a company loses their trust and, of those, 73% say they would spend significantly less.
We know that capital markets will factor in expected revenue losses and other financial impacts, so valuing trust could be by calculating what happens to a company’s share price when a breach of trust occurs. Such incidents can take many forms and are generally the subject of negative media reports.
There has been no shortage of breaches, but to prove the point, I want to focus on the well-publicised cyber incidents afflicting Optus, Medibank Private and Australian Clinical Labs in the last month or so.
Let’s look at each one.
Optus
Optus is a wholly owned subsidiary of Singapore Telecommunications Limited (SingTel) whose shares are listed on the Singapore Stock Exchange.
On 22 September, it made public that it had experienced a cyberattack that had exposed sensitive information about 9.8M customers (current and former), including customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver's licence or passport numbers.??
As a customer of Optus, I can relay that it's quite stressful knowing that my personal details have been exposed (including license and passport). This is made worse by not knowing what personal action to take to protect myself in a timely fashion.
What followed can only be generously described as a ‘101 style’ lesson in how not to communicate with affected customers. I want to acknowledge the cyberattack was unprecedented in its scope and complexity, however, many experts have criticised delays in communicating with affected customers. Speaking from first-hand experience, I can concur with expert opinion. ?
For example, I was initially advised by Optus of the exposure on 24 September. Some 10 days later I received a further email from Optus explaining that I did not need to replace my driver’s license. That was too late because I had already cancelled my license and received a replacement because there had been no communication from Optus in the interim period.
Interestingly, an updated notice on Optus’s web site dated 17 October, confirmed that it had completed notifying customers, including those whose passports had been exposed. I assume they must have lost my Optus issued mobile number and email address because I’m still waiting for that notice. Perhaps I’ll receive a letter instead because, in the same update, Optus undertook to contact customers without a valid email or SMS number as soon as possible via post. I’m not holding my breath.
So how did this trust-destroying data breach impact Optus’s valuation?
It’s difficult to say with precision because Optus is but one subsidiary in the SingTel group. However, what can be determined is that SingTel’s share price was affected as follows:
??????$SGD2.68 on 22 September (date the breach was announced)
??????$SGD2.38 as at 21 October
This is a reduction in value of 11.2%, so there has been a significant loss of value.
领英推荐
Can we deduce that the entire loss of value was attributed to the Optus cyberattack? Probably not because we don’t know what other factors were in play for SingTel over that period. But it would be na?ve to believe the cyberattack had no impact on trust in Optus and did not materially contribute to the loss in value of SingTel’s shares.
Medibank Private
More recently, Medibank Private announced on 13 October that it had been the subject of a cyberattack and that “At this stage there is no evidence that any sensitive data, including customer data, has been accessed”.
A succession of updates were later released to the market, including an update on 26 October advising that member personal data and significant amounts of health claims data was stolen by the hacker(s).
Compared to the Optus data breach, this data exposure is more serious due to the nature of the data stolen, even though it affected less people.
How did this breach of trust impact Medibank’s valuation? It’s much easier to make this calculation because Medibank is a ASX listed company and we aren’t dealing with a subsidiary of a larger company as was the case with Optus.
Medibank’s share price changed as follows:
??????$AUD3.52 on 12 October (the date of the breach)
??????$AUD2.78 on 28 October
This is a reduction in value of 21% (or approximately $1.8B), which is a huge loss of value in anyone's language.
But was the entire loss of value attributable to the cyberattack and consequent impact on trust? There’s no way of scientifically assigning cause and effect in this case because there may be unknown factors involved.
However, it would be unrealistic to believe the cyberattack had no impact on trust in Medibank Private. It's difficult to explain the loss with reference to anything else. While we can point to the costs of managing the data breach and inevitable loss of revenue impacting P&L and P/E multiples, the key driver is loss of trust.
Australian Clinical Labs (ACL)
ACL announced on 27 October that a subsidiary company (Medlab Pathology) had experienced a notifiable cyber incident involving personal information of some of Medlab’s patients and staff. This attack had affected 223,000 individuals. Importantly, Medlab had become aware of an unauthorised third-party access to its IT system in February 2022 (8 months earlier).
How did this breach of trust impact ACL’s valuation? Because ACL is a ASX listed company, it’s easy to monitor how the capital market has reflected the breach of trust in the company’s share price. However, because Medlab is a subsidiary, it’s difficult to be precise without further information.
ACL’s share price changed as follows:
??????$AUD3.54 on 26 October (the day before the announcement)
??????$AUD3.31 on 28 October
That represents a reduction in value of 6.5%, so far.
While we can’t prove this loss of value was attributed to the cyberattack and consequent impact on trust, it would be illogical to think the cyberattack had no impact. There are serious concerns about the delay in announcing the data breach and still some questions about the likely flow-on impact on the pathology business.
A few observations arising from these cases.
Trust is essential to company sustainability and directly reflects the relationships a company has with a wide range of stakeholders. It can be reliably measured, so there is a place for continuous monitoring by companies and inclusion of data in their ESG reporting to help investors and other stakeholders make better informed decisions. What gets measured gets optimised.
What do you think?
MD/CRO/Strategy/Country Manager/Go To Market Specialist/Strategic Accounts Director/ Large Complex Deal Specialist/ Start Up Leader/ Disruptive Tech Specialist/ Innovative Business Models. Professional Presenter and MC.
2 年Great explanation Ray.