For the first time, a report has claimed to be able to measure the impact cyber breaches have on companies’ share prices. Research from IT consultancy firm CGI found that, on average, a company’s value permanently drops by 1.8% following a major breach. For a typical FTSE 100 firm, this equates to a loss of £120 million.
According to Andrew Rogoyski, vice president of cyber security at CGI, the impact on share prices is actually getting worse as investors and analysts become more cyber aware. The average over three and a half years was 1.8%, he said, but in the first year of the study, the effect was negligible (0.2%). In 2014, it rose to 1.5%, and in 2015/16 it was 2.7%.
The study is based on economic modelling from Oxford Economics, which conducted an ‘event study’ analysing a sample of public cyber security breaches since 2013 across seven global stock exchanges.
Why didn’t we know this already?
The relationship between cyber breaches and share prices seems logical, but previous studies had been unable to prove this was consistently the case, said Rogoyski.
Although in some cases the link was clear – see, for example, the effect Yahoo’s two massive data breaches had on its sale price to Verizon – many smaller breaches didn’t appear to alter share prices. In other cases, it would take months or years for the effect to take place, in which case the breaches’ potential influence became lost among many other factors.
According to Rogoyski, the correlation in this study shows that investors and analysts are starting to consider cyber security when valuing companies. “This is positive and should encourage Boards across the world to treat cyber security as an enterprise-wide risk,” he said.
Cyber testing playbook
If you’re looking to evaluate your cyber security posture, IT Governance offers a variety of full-service technical security and consultancy solutions. We’ve helped hundreds of companies reduce their risk exposure dramatically by identifying and addressing vulnerabilities before attackers can exploit them.
Whether you have never undertaken a security test or already have a mature cyber security programme in place, IT Governance’s Cyber Testing Playbook is an ideal starting point to identify and address your cyber security needs.