The study found that the share value index of 113 companies declined an average of five per cent immediately following the disclosure of the breach and experienced up to a seven per cent customer churn. What’s more, one in four (27 per cent) of consumers impacted by a breach stated they discontinued their relationship with an organisation that experienced a data breach.
Commenting on the findings, Independent cybersecurity expert, Dr Jessica Barker, said: "With so many data breaches hitting the headlines, there can be a sense of defeatism among some organisations. Breaches are seen as inevitable so some organisations question the value of spending on security when it won't make them 100% secure. However, this research has found that investing in security helps protect the organisation when even the worst happens, as companies with a strong security posture experience much quicker stock price recovery than those with a poor security posture following a data breach."
“In this past year alone we’ve seen high-profile data breaches, such as Yahoo and TalkTalk, experience the significant consequences that a breach can have on shareholder value and brand reputation,” said Bill Mann, senior vice president of products and chief product officer, Centrify. It’s clearly a blind spot for the C-suite and it’s time leadership recognise that protecting data is no longer just an IT problem, but a bottom-line business concern that needs a holistic and strategic approach to protecting the whole organisation.”
How poor security posture impacts company value and customer loyalty
A portfolio of share prices was composed for 113 publicly traded benchmarked companies who had experienced a data breach involving the loss of customer or consumer data. The index value was tracked 30 days prior to the announcement of the data breach and 120 days following the data breach.
? These companies experienced a 5 per cent price decline immediately following the disclosure of the breach. More revealing are those companies with a strong security posture – companies that have made investments in people, process and technologies -- which are less likely to see a decline in share prices mainly because they are better equipped to respond.
? Those companies with a self-reported superior security posture saw a decline of no more than three per cent, and after 120 days following a breach, successfully rebounded with a three percent gain in stock price prior to the breach. In contrast, those with a poor security posture experienced a share price decline as high as seven per cent, and 120 days following the breach, did not fully recover the share price it had prior to the breach.
? Customer loyalty was also impacted with 65 per cent of consumers having lost trust in the breached company and 27 per cent of consumers discontinuing their relationship altogether.
IT under scrutiny
While 63 per cent of IT feared losing their job after a breach, the reality is the IT function is placed under greater scrutiny following a data breach. For those IT practitioners that had experienced a data breach, the most negative consequences were: significant financial harm (52 per cent), greater scrutiny of the capabilities of the IT function (51 per cent) significant brand and reputation damage (35 per cent) and decreased customer and consumer trust in their organisation (35 per cent).
Business impact and organisational disconnect
The study showed a significant disconnect across the business when it comes to responsibilities and brand reputation ownership:
? 70 per cent of IT practitioners do not believe their companies have a high-level ability to prevent breaches, however 58 per cent of CMOs are confident that their company would be resilient to a data breach that results in the loss or theft of high value assets
? There’s a clear blind spot when it comes to data breaches and the impact they have on share price. Just 23 per cent of CMOs and 3 per cent of IT practitioners are concerned about a decline in their company’s share price. For those that had a breach, only five per cent of CMOs and six per cent of IT professionals say that there was a decline in share price as a result of the breach.
? While IT practitioners and CMOs are both worried about the loss of reputation after a breach, their concerns apply only to their specific job function. For CMOs the top three concerns from a data breach were lost of reputation (67 per cent), decline in revenues (53 per cent) and loss of customers (46 per cent). For IT, the biggest concerns were loss of their jobs (63 per cent), loss of reputation (43 per cent) and time to recover decreases productivity (41 per cent).
