For tech giants Apple, Facebook and Google, the past week has featured a lot of heated rhetoric related to privacy and security. But among them, Apple is the company that has the most to lose from its stance on the topic.
In a speech in Brussels calling for enhanced privacy regulation, Apple's Tim Cook was highly critical of tech companies that use personal data to make money. Although he was careful not to name Facebook and Google, it was fairly obvious who he was talking about. At times, he seemed to come out against technology itself, at one point quoting Henry David Thoreau: "'We do not ride on the railroad,' he said. 'It rides upon us.'"
It's part of an overall corporate philosophy, often repeated by Cook and in Apple's marketing, that "privacy is a human right."
These assertions have drawn the ire of Apple competitors and detractors. Facebook's former chief security officer, Alex Stamos, fired back, saying Cook's statements were hypocritical because the company's China business doesn't treat those citizens the same way.
"Apple needs to come clean on how iCloud works in China and stop setting damaging precedents for how willing American companies will be to service the internal security desires of the Chinese Communist Party," he tweeted.
The dispute spans many years, many tweets, many speeches and will only get more heated.
But from a financial point of view, Apple has the most to lose from positioning itself this way. That's because when your business is built around privacy and security, you'd better not have a serious breach of either.
The Brussels speech was another in a long string of terse comments by Cook aimed at Google and Facebook. This way, Apple has set itself up as the company that charges serious money for its products — the most expensive iPhone available costs more than $1,400 — but will not preserve your personal information as part of the bargain. Facebook and Google have, on the contrary, put a stake in promoting their services as more democratized, without the high cost of entry, available to anyone and everyone.
But when your business is differentiated by safety and security, it can also significantly raise your market risk to a cyberattack.
Just ask Equifax: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," the credit rating agency CEO, Robert Smith, said shortly after its devastating 2017 breach. Equifax was a company that dealt in only private data of consumers. Equifax's stock dropped sharply after this breach and has somewhat recovered since, though not to pre-breach levels. Smith and the company's chief information officer and chief information security officer all were ousted because of the incident.
By contrast, recent very large breaches at Google and Facebook have caused little financial pain or user loss to either company. Even the Cambridge Analytica scandal caused no discernible change in Facebook's active daily users. That's because privacy and security are not core components of the Google and Facebook value proposition, either to consumers or investors.
Apple is an outlier. The company does have a strong set of controls on privacy and security, stronger than its competitors. This is best demonstrated by the fact that under some cybersecurity insurance plans — such as those offered by Aon — companies with more Apple products can receive discounted rates.
But by so consistently defining itself by its security, the company is also setting itself up for heightened risk of losing face on this topic. Investors will be watching for any sign that these concrete security and privacy goals have started to crack.