Stock prices drop by an average of 5% when companies disclose a data breach

A Ponemon Institute report has found that after companies publicly disclose a data breach, their stock prices drop by an average of 5%. The study, which analysed 113 companies in four different fields – financial services, insurance, healthcare and pharmaceuticals – also found that it takes 45 days on average for the company to recover its value.

However, the study confirmed that companies with a stronger cyber security posture were less affected and able to recover faster. Such companies’ stock prices fell by no more than 3%, and stock value typically recovered after seven days.

As you might expect, the reverse is true of companies with poor cyber security practices. For some companies analysed by Ponemon Institute, it took more than 90 days for their stock price to recover.

What makes a strong cyber security posture?

A strong cyber security posture means investment in people, processes and technology, including:

  • A fully dedicated chief information security officer (CISO);
  • An adequate budget for staffing and security technologies;
  • Strategic investment in appropriate security-enabling technologies, such as enterprise-wide encryption;
  • Training and awareness programmes designed to reduce employee negligence;
  • Regular audits and assessments of security vulnerabilities;
  • A comprehensive programme with policies and assessments to manage third-party risk; and
  • Participation in threat-sharing programmes.

Companies must take more responsibility

Less than half of marketing officers and IT practitioners surveyed said they think it’s their organisation’s responsibility to secure consumers’ personal information. By contrast, 80% of consumers think organisations should be responsible for this.

When a company suffers a breach of consumers’ information, consumers blame the organisation. Of the respondents who reported being a victim of a data breach, 65% said they lost trust in the organisation responsible for the breach, and 31% discontinued their relationship with it.

Stay secure with ISO 27001

ISO 27001 is the international standard that describes best practice for an information security management system (ISMS). It provides a proven framework for managing data security within a cyber security ecosystem, using an integrated set of policies, procedures and technologies.

An ISMS helps you manage, monitor, audit and improve your organisation’s information security practices.

You can find out more about ISO 27001 and how it can help improve your information security posture by downloading our ISO 27001 data sheet.