Collaborative for CUBES has mined real-world data to create a blueprint companies can use to align their goals from top to bottom. Collaborative for CUBES researchers make sense of industry trends through CubeSense.

March, 2017
What Would Happen if Houston-based Companies got Yahoo-ed?
By Vikas Mittal and Shrihari Sridhar

Over the last decade, high-profile information-security breaches, such as those at Wal-Mart, Home Depot, Target, and Neiman Marcus, have caused widespread customer dissatisfaction. The recent security breach at Yahoo has irked and dissatisfied nearly 1 billion customers. With the total number of people having access to the internet pegged at about 3 billion, a security breach of 1 billion accounts at Yahoo is huge by all accounts. Dissatisfied with the security breach, and fearful over a loss of safety, customers have fled to other providers. Yahoo has lost over $1 billion in market capitalization, and faces the prospect of Verizon renegotiating the terms of acquiring Yahoo.


Security breaches, unfortunately, are not just the bane of retailers or Silicon Valley companies. Companies in the greater Houston area are vulnerable as well. According to a 2016 report, the global oil & gas security market was valued at USD 25.68 billion in 2015, and is estimated to reach USD 32.79 billion by 2020. Some of the most prominent oil and gas companies include Houston staples such as Schlumberger, Halliburton, Phillips 66, Anadarko, Kinder Morgan, and National Oilwell Varco. Companies from other sectors include Waste Management and BMC Software, with national and international reach.


In addition to being prominent business-to-business companies, these companies have international reach, and work closely with clients to develop and maintain costly infrastructure. This requires complex IT support, which is predicated on the flow of sensitive information. For example, Waste Management deals in sensitive information about specific customer accounts, while National Oilwell Varco may deal in sensitive information about rigs and oil reservoirs.


How will Houston-based companies fare if they face an IT security breach? We estimated the potential cost using models developed from the Collaborative for CUBES™ project, a collaborative research study. This benchmark study measures customer satisfaction with several strategic areas using a sample of over 4,900 business managers.


Within the strategic area of safety, business managers rated whether their supplier “ensures that customer information is secure and safe.” They rated their satisfaction with a supplier on a scale from “extremely dissatisfied” to “extremely satisfied.” We related this satisfaction rating to their overall opinion, which is further predictive of sales and margin. The bottom line: the model shows what would happen if a breach occurred and “extremely satisfied” customers became “extremely dissatisfied.” Foremost, a B-to-B company would, on average, lose 32.95% in sales. What would be the loss in sales if extremely satisfied customers were to become “extremely dissatisfied” with their supplier ensuring that customer information is secure and safe? We applied the model to 2015 sales for different companies. According to the model, Halliburton would lose $7.77 billion in annual sales, Waste Management would lose $4.6 billion, and Schlumberger would lose $11.68 billion. Similarly, the loss in sales would be $4.74 billion for Kinder Morgan, $7.54 billion for National Oilwell Varco, and $2.86 billion for Anadarko. Aside from the reputational consequences, the loss of jobs that stems from decreasing sales can have a severe negative effect on the Texas economy.


A major component of strategic innovation for many Houston-based companies is based on information technology, which has increased customer satisfaction. IT breaches, however, can severely dissatisfy customers. By helping to link IT security to customer-based and finance-based metrics, companies can take the first step in alerting and reminding themselves to address this issue head-on. The safety imperative for Houston-based companies should not just be limited to health and human safety, but should encapsulate data and information safety. Otherwise, we run the risk of being Yahoo-ed!