We often think of the impact of cyber attacks on industry in terms of immediate loss of business continuity: After all, in today’s digital landscape, an internet assault can quickly bring even the most massive enterprise to its knees.
However, the results of a recent study into the relationship between cyber breaches and share price performance from UK cyber security consultant CGI and Oxford Economics indicate that the potential damage not only goes much deeper, but is also permanent. Here’s a closer look at the eye-opening findings, as reported by CNBC.
After analyzing 65 significant cyber security breaches since 2013, the study concluded there to be a “significant connection between a severe cyber breach and a company’s share price performance.” Specifically, CGI and Oxford Economics’ findings determined that share prices fell an average of 1.8 percent after a major breach. Even worse? This fallout had long-term impact.
What, exactly, does this mean in terms of dollars and cents? According to the report, it translates to a staggering $52.4 billions in terms of the total value of shares lost—with the average FTSE 100 company’s investors losing out on 120 million pounds ($153.6 million USD) following a cyber attack.
All in all, two-thirds of firms saw their share prices plummet after a cyber breach, with financial services and communications firms being hit the hardest. According to Andrew Rogoyski, vice president of cyber security at CGI, “Financial services experience the greatest burden in terms of impact, reflecting the high levels of regulation, the importance of customer confidence and the potential for financial fraud to be a facet of the breach.”
But these figures—as devastating as they already sound—may not even come close to capturing the full extent of what cyber breaches cost companies and their shareholders.
Continued Rogoyski, “Only around 10-20 percent of the major breaches companies suffer in Europe are currently made public, so lost shareholder value across European markets could rise by as much as a factor of 10.” (A more accurate picture should emerge in May of 2018 when new regulations kick in which will mandate that companies notify users of cyber breaches within 72 hours of its occurrence.)
It’s not all doom and gloom, however. Experts say there is a simple way for organizations to minimize their risk: Stepping up their cyber security initiatives.
And they’ll have plenty of incentive to do so, insists Rogoyski: “We are beginning to see city analysts, venture capital firms and credit ratings agencies factor cyber security readiness into the way they assess firms,” he said in a statement. “This is positive and should encourage boards across the world to treat cyber security as an enterprise-wide risk.”
While this study may be specific to the UK, its takeaways are universal in a world in which cyber breaches can and do happen anywhere. In order to best safeguard themselves and their investors, companies across the globe must commit to making cyber security part of their comprehensive organizational business strategies. Download the article A Five Point Resource for Cyber Attack Response Planning to learn more.