Our analysis indicates that if The Board and Management take prudent action created a well-defined plan based on multiple scenarios, they can reverse the potential stock price dive, due to the data breach and help sustain the decline in the following months. Such actions can result in the stock price being higher than before the breach.
Fixing a data breach can be expensive, cumbersome, time-consuming, and detrimental to company’s reputation. Additional issues like lower stock price, management blame game can add to the actions taken on costs, time and the security issues to prevent it from happening again. Prudent management philosophy always recommends prevention rather than detection; however, when it comes to approving actions, allocating resources and taking decisions, management is often not on the same page as the Chief Information Security Officer (CISO).
Regardless of the many preventive measures, a company takes to secure its market cap or value; it may ultimately take a serious dive if IT security gaps are not quickly identified, addressed and remedied before a major cyber security breach happens.
Evaluating the company’s market cap after an incident
Global malware is growing to be more prevalent, with 600 million samples in 2016. According to Gartner, the average cost of a data breach is estimated to reach $4 million. The worldwide spending on information security is as shocking as $75.4 billion in 2015.
Fixing a data breach has unbudgeted and quantifiable operating costs that result in increased security budgets and investments in technologies of safety and resources. We look at some examples of how much these breaches can influence the company’s market value.
The Target Data Breach
In late 2013, Target was the victim of a massive data breach, with the loss of the personal information of almost 70 million individuals. The extensive breach included the names, mailing addresses, phone numbers and email addresses. Te data that was stolen, potentially exposed customers to potential fraud.
Estimates on the costs of the data breach at Target reached $252 million, excluding litigation fallout of the breach. The Target’s stock prices had a noticeable drop in share value, and the stocks started picking up again in March 2014.
The Anthem Data Breach
One of the largest data breaches ever, occurred in February 2015, involved Anthem. An initial 37.5 million records containing personally identifiable information that was taken quickly escalated to 78.8 million.
The stock market performance for Anthem, Inc., starting with February 4th showed a slight drop in share price, but it only lasted a couple of days. A sharp uptick followed in the months to come, with no severe drop until late 2015.
Data Breach on Vtech Holdings
On November 2015, Vtech Holdings; a leading supplier of corded and cordless phones and electronic learning toys, suffered a data breach that leads to accounts of 4.9 million parents potentially being accessed by cyber criminals, while profiles of 6.4 million children were also affected. The financial impact of the data breach was not estimated. Initially, the stocks plunged.
The Adobe Data Breach
An Adobe cyber/data breach resulted in 38 million customer accounts being accessed. The customers’ personal information—names, encrypted debit and credit card numbers, expiration dates and other sensitive data was exposed to criminals. Therefore the avalanche of lawsuits that followed, Adobe had to pay $1.1 million in attorneys’ fees and expenses and an undisclosed sum to affected users.
He shares prices for Adobe Systems Incorporated didn’t shrink at all. While there was the usual fluctuation, the ascending stock price curve was sustained throughout 2016, in spite of the legal battles were settled and customers compensated.
Cyber breaches are here to stay for a long time. More companies (59 percent) are purchasing some additional security insurance to plug the adverse effects of data breaches on the enterprise’s value. However, this can never be the right response as the insurance companies are not inclined to back companies after they experience constant security breaches.
Therefore at our events we always focus on the measures a company can take to secure its Intellectual property, reputation and stock market value, to ensure that security gaps are quickly remedied and that data breaches occur on a regular basis.
At the annual events on the 18th October in Mumbai http://www.copenhagencompliance.com/2016/mumbai/index.htm and the 10-11th November in London http://www.grcassembly.com/index.htm several sessions are dedicated to providing updated guidance on data and IT and cyber security breaches.
Source for statistics and numbers: Yahoo Finance