How Stock Performance is Impacted by Data Breach
Engineers at Astra have been studying the consequences of data breaches on businesses these past years. This article – the Hacking statistics 2019, is the crux of those researches that we have been pouring over all these years.
- Abnormal returns: Abnormal returns are the difference between the actual and the normal return of the firm over the event window. Abnormal return can be calculated as follows: Abnormal Return = Realized Return – Expected Return
- Normal Return: The normal return can be defined as the expected return when no incidents occur.
Targeted attacks are often state-sponsored, though some have been by private groups. A nation might try to spy, disrupt, sabotage, or rob from another entity. The U.S. is the No. 1 target.
It’s not a statistic you’d want to own, but the U.S. is not alone. Here’s a breakdown of the top 10 countries affected by targeted attacks between 2015 and 2017.
Here is a pie chart that depicts that data breaches are indeed targeted based on countries:
1. JP Morgan Chase:
4. Dun & Bradstreet:
5. CVS Healthcare:
8. Time Warner Cable:
In a nutshell
- On average, stock prices of firms decreased by 9.11% post-breach.
- Stock prices of companies with good security practices took around seven days to recover the affected stock value.
- Companies with poor security practices were more affected by data breaches, and it took them around 90 days to redeem themselves in the stock market.
- Companies that announced data breach themselves were more affected in the stock market compared to companies whose data breaches were announced by third parties.
- Impact of data breaches on market value is strongly correlated with the type of information leaked, attack type (For eg; Insider, Outsider, Accidental, etc.) and the number of leaked records.
- Laws under the name GDPR and Notifiable Data Breaches Scheme were enforced in May 2018 by the European Union and Australian government respectively. These laws were implemented to regulate and monitor the data breach announcements by companies.
The last result is taken from the same study by Norton, the average cost of a data breach has also increased. Following are three telling stats from the Ponemon Institute’s 2018 Cost of a Data Breach 2018 study for IBM.
- Cost of the average data breach to companies worldwide: $3.86 million (U.S. dollars)
- Cost of the average data breach to a U.S. company: $7.91 million (U.S. dollars)
- Average time it takes to identify a data breach: 196 days
What Should You Do?