COL Financial should allocate even more expenditures in its security
On October 20, COL Financial reported a ‘possible breach’ in its system.
Upon further verifying, a COL Financial representative replied to me that ‘there is no evidence of an actual breach,’ and ‘if there is a breach,’ COL Financial ‘will directly contact any affected clients.’
This could somewhat temper down some heightened alertness in terms of knowing whether COL could safely keep their clients money. Nonetheless, hacking or breach incidents have been relatively been frequent.
According to the BreachLevelIndex, there have been 1.9 billion recorded breached incidents worldwide just in the first six months of 2017. This is a 13% increase from the same period last year.
“More and more organizations are accepting the fact that, despite their best efforts, security breaches are unavoidable.” BreachLevelIndex
Dissecting the 1.9 billion breached incidents, the figure represented an alarming 122 breach incidents per second or 10.5 million per day.
In the United States, having access to other people’s social security number, birth dates, name, and other sensitive information, an individual with bad intentions can steal one’s identity and make one’s life his own. This individual can open bank accounts, buy car(s), buy and even sell houses that belong to other people without regret.
Nonetheless, the COL report still is far less worrying but significant to investors that could be affected as a result.
As of June, the ₱7.6 billion leading online financial services provider in the Philippines reported that it had 225 thousand clients—about 23% more from the same period last year.
COL also stated that it has ₱69.7 billion of its customer’s wealth altogether—20% higher from last year.
Therefore, using these figures could provide the idea that there is about ₱310 thousand per COL Financial user in his/her account. This is quite a significant amount in comparison to an average Filipino family who is only capable of saving an estimated ₱52 thousand a year.
Meanwhile, COL has ₱7.6 billion in cash and cash equivalents and ₱8.2 billion in payables, which according to COL are generally payables to customers that are noninterest-bearing and have no specific credit terms.
COL also had equity (book value) of ₱1.35 billion—₱93 million more than last year.
Despite this debt-free, cash negative when payables are taken into account, COL is still widely susceptible to greater financial trouble whenever a breach would have greatly affected even just 2% of its customer base.
In my estimations, 2% would consist of 6,500 COL clients leading to a ₱2 billion worth of COL Financial portfolios missing equity. This would then far exceed COL’s equity and make it undergo severe financial distress.
What assurances can we have as COL Financial clients?
To COL’s credit, the company has already markedly increased its allocation in its ‘Security and messengerial services’ by 53% as of June to ₱3.3 million—0.7% of total revenue in the period.
Nonetheless, money allocated to this critical part of COL’s survival in the ever more frequent cyber breach or hacking has been roughly not even half of its ‘Advertising and marketing’ expenses in the past three years.
In the past three years, COL spent, on average, ₱9.65 million on ‘Advertising and marketing’ while ₱4.4 million on ‘Security and messengerial services.’
It surely would be interesting for COL to be more specific in its next announcement and answer at least these two questions:
- When did the ‘possible breach’ took place?
- How many accounts are estimated to be affected?
In the meantime, I may have to browse through different online brokers in the Philippines that may be more discerning in its cyber-security specialties and capabilities.
Disclosure: I do not have any COL Financial common shares, but have my entire Philippine stock investments in it.