Why Data Breaches Don’t Hurt Stock Prices

Why Data Breaches Don’t Hurt Stock Prices

Why Data Breaches Don’t Hurt Stock Prices

Recent high-profile data breaches like those at Target and Home Depot have exposed the private sensitive information of millions of employees and consumers. While consumers are rightfully worried that their personal information may be compromised, shareholders and companies’ management have a wider set of concerns, including loss of intellectual property, operational disruption, decreased customer trust, tarnished brand, and loss of investor commitment. Companies are spending millions in litigation costs, efforts to restore brand loyalty, and refunds.

However, even the most significant recent breaches had very little impact on the company’s stock price. Industry analysts have inferred that shareholders are numb to news of data breaches. A widely accepted notion goes that there are only two types of companies: those that have been breached and those that don’t know they have. It is true that that breaches are expected and have become a regular cost of doing business, but there are deeper reasons for the market’s failure to respond to these incidents.

Today, shareholders have neither enough information about security incidents nor sufficient tools to measure their impact. As every company is becoming a digital company, every leader (who is also becoming a digital leader) is realizing that breaches may negatively affect profitability and the company’s long-term ability to do business. The long and mid-term effects of lost intellectual property, disclosure of sensitive data, and loss of customer confidence may result in loss of market share, but these effects are difficult to quantify. Therefore, shareholders only react to breach news when it has direct impact on business operations, such as litigation charges (for example, in the case of Target) or results in immediate changes to a company’s expected profitability.

Read Also:
Your data has been kidnapped… now what?

Delays in disclosing information security incidents often contribute to shareholders’ hesitation and uncertainty with regard to how to factor in the effects of the breaches. For instance, current SEC regulation leaves leeway for public companies as to when to disclose cyber incidents: “To the extent a cyber incident is discovered after the balance sheet date but before the issuance of financial statements, registrants should consider whether disclosure of a recognized or nonrecognized subsequent event is necessary”.

Overall, stock prices during and following the high profile security data breaches for the in the past several years have decreased slightly or quickly recovered following the breach. Let’s look in some more detail at a few cases.

Home Depot’s hack, compromised 65 millioncustomer credit and debit card accounts. Breach-related costs are estimated to be around $62 million. The company’s stock price decreased slightly one week after the announcement. In the third quarter of 2014, Home Depot showed a 21% increase in earnings per share.

Read Also:
How to Get Health Care Employees Onboard with Change

During the 2013 holiday season shopping period, Target was the object of then the biggest cyber attack on a retailer. Credit and debit card data of 40 million customers and personal information of about70 million were said to be affected by the breach. The stock experienced a 10% drop in price in the aftermath of the security breach, but by the end February, Target had experienced the highest percentage stock price regain in five years.

Three years after the 2011 hack that compromised payment data of millions of Sony gaming users, Sony had to deal with a massive data breach targeting its pictures industry. The personal data of producers, actors, and current and former employees dating back to 2000 was compromised.

 



Data Science Congress 2017

5
Jun
2017
Data Science Congress 2017

20% off with code 7wdata_DSC2017

Read Also:
How to Get Health Care Employees Onboard with Change

AI Paris

6
Jun
2017
AI Paris

20% off with code AIP17-7WDATA-20

Read Also:
Smart Cities Are Going to Be a Security Nightmare
Read Also:
​Why the CIO should care about Cyber Security

Chief Data Officer Summit San Francisco

7
Jun
2017
Chief Data Officer Summit San Francisco

$200 off with code DATA200

Read Also:
How to protect your mission-critical information

Customer Analytics Innovation Summit Chicago

7
Jun
2017
Customer Analytics Innovation Summit Chicago

$200 off with code DATA200

Read Also:
EU’s General Data Protection Regulation unknown to most UK adults

HR & Workforce Analytics Innovation Summit 2017 London

12
Jun
2017
HR & Workforce Analytics Innovation Summit 2017 London

$200 off with code DATA200

Read Also:
Smart Cities Are Going to Be a Security Nightmare

Leave a Reply

Your email address will not be published. Required fields are marked *