We're changing our name.
Verodin is now Mandiant Security Validation. Click here to learn more.

A Case Study in Cyber Governance: Pitney Bowes

Pitney Bowes has been in the business of postage scales and mailing equipment/services for nearly 100 years. In the last five years, the company has implemented a digital transformation strategy critical to its financial survival, expanding into global e-commerce, software, and other technologies.

December 19, 2019
Category
Blog Tags

Pitney Bowes has been in the business of postage scales and mailing equipment/services for nearly 100 years – not exactly a tech-heavy industry. But, in the last five years, the company has implemented a digital transformation strategy critical to its financial survival, expanding into global e-commerce, software, and other technologies.

Replacing old economy inefficiencies with digital technologies has pleased shareholders with growth and cost savings. However, while management successfully invested to drive growth, not much of the budget was left behind to protect that digital investment. Pitney Bowes made the choice many corporations make with digital transformation: when looking where to allocate budgets, growth always wins over protection (i.e. spending in cybersecurity and improved cyber governance is lacking).

Fast-forward to this year. The company fell victim to not one, but two cyber attacks, the most recent being a ransomware attack. Beyond the impact to customers, the first of the incidents had a material financial impact on the company missing earnings estimates, sending the share price lower. But, the second incident, the ransomware attack, arguably presented the greatest potential for loss because it disrupted the reliability of Pitney Bowes’ operations, a critical factor impacting brand value and future revenues when its 100-year business model is still ensuring “reliable, on-time delivery.”

Even though Pitney Bowes reaped short-term benefits from its digital transformation, its lack of emphasis on necessary spending and quality controls on cyber governance factors into its 2-star (i.e. below average) Cyberhedge Cyber Governance Rating. Cyberhedge created the financial performance metric of a cyber governance rating as a way to compare how companies manage their technology investments and network security relative to peers. Pitney Bowes’ ability to manage the downside risks of its digital transformation is the company’s key risk going forward. Like any important risk measure, without an objective financial measurement of cyber governance transparency, shareholders cannot gain a picture of how well or how poorly these risks are being managed.

As it implemented its wide-sweeping digital transformation strategy, Pitney Bowes had three priorities to consider – top-line growth, cost savings, and cybersecurity – but it only chose to prioritize two, leaving vulnerable its newly expanded threat surface. Company leadership only realized the impact of this error after having to announce two incidents, which reflect poorly on the brand and its technology management. This is why it’s critical for C-suites and Boards to have improved risk tools and metrics for the “age of digital transformation” to show that they are allocating capital in the best way.

Verodin allows companies to monitor and measure the effectiveness of their security infrastructure in order to identify potential security issues, and take remedial steps to fix  those issues – before a breach takes place. This enables them to optimize cybersecurity performance and ensure critical assets are protected. Cyberhedge allows companies to successfully allocate money to resolve those issues – again, before a breach takes place. When C-suites and Boards have visibility into these areas, they can make better investment decisions, prioritizing cybersecurity alongside sales and revenue growth, in order to avoid the significant financial losses that come when digital transformation is not adequately protected.

To get the latest Research Report from Cyberhedge, click here.

Return to Blog
Get in touch:

Verodin provides security validation to measure, manage, and improve your overall effectiveness.

Chances are you’re ignoring valuable security data that can be gathered via instrumentation. Future-proof your security posture today.

Request a Demo

Chances are you’re ignoring valuable security data that can be gathered via instrumentation. Future-proof your security posture today.

Connect with an advisor

Get new cybersecurity effectiveness podcasts delivered straight to your inbox.

We will never sell or distribute your information.