While the direct cost of dealing with cybersecurity breaches has been well documented, few studies have captured how much damage they can do to a company’s share price.
Now, new research reveals the share-price hit can be even larger than the physical reparation costs. And, more concerningly, the pain lingers.
Conducted by Oxford Economics and commissioned by IT consultant CGI, the British study, released this morning, examined the market performance of 65 companies globally that had been victims of cyber attacks since 2013.
They found that share prices fell by an average of 1.8% “on a permanent basis” following a severe breach, translating to a reduction in market capitalization at a typical blue-chip company of around $150 million.
The average direct costs of cyberattacks for companies worldwide in 2016 was $7.7 million, up 23% on the previous year, according to a recent analysis of 237 companies conducted by the Ponemon Institute on behalf of HP.
In extreme instances, attacks have wiped up to 15% off a company’s share price, according to Oxford and CGI’s latest analysis. An obvious example is Yahoo, which took a $350 million haircut on its sale price to Verizon, though banks also have much to lose.
The research found that companies in the financial services sector were most affected by breaches, followed by media and communications companies. Those least affected included retailers and healthcare providers.
As recently reported in Chief Executive, companies from the U.K. to U.S. still have large holes in their cyber defenses, despite the fact that CEOs are becoming increasingly alert to the risks.
Cyber defenses can be expensive—both the technology and the talent—and even companies with supposedly stringent checks such as Yahoo were breached. Governments, however, are tending toward forcing companies to protect themselves, leaving CEOs with little choice but to act.
“Clearly, the CEO has responsibility for increasing company value,” the latest report’s authors said. “With the link between cyber breach and company value established in this report, it is clear the CEO’s responsibility must also include direction and governance of cybersecurity.”
Floods, fires and storms aren't rare—they're relentless. Here's how your business can prepare for what…
It's no longer about being big; it's about being fast. To thrive in this dynamic…
From sparking viral TikTok trends to landing nationwide retail deals, Tim Snyder is expanding Jordan’s…
You're paying lawyers $300 to $500 an hour to review contracts that never change, writes…
Despite the litany of strategies and resources, employee engagement has fallen to an all-time low.…
Focusing on work hours, whether you’re a company or a legislature, is missing the point…