Cybersecurity breaches and their impact on corporate stock prices

Cyber breaches have an obvious impact on a company’s bottom line. There are physical costs – replacing an equipment that may have been compromised. There are staff costs – overtime for security staff working on resolutions. There are time costs – lost productivity and deferred resources until the problem is fixed. Beyond all of these financial liabilities is the impact a cyber breach may have on corporate stock prices, impacting not only the company, but the investors that help that company survive.

Comparitech analyzed 28 companies that had experienced data breaches to determine the impact on stock prices. Some of their key findings include:

• Share prices of breached companies hit a low point approximately 14 market days following a breach. Share prices fall 7.27% on average, and underperform the NASDAQ by -4.18%
• Finance and payment companies saw the largest drop in share price performance following a breach, while healthcare companies were least affected.
• Breaches that leak highly sensitive information like credit card and social security numbers see larger drops in share price performance on average than companies that leak less sensitive info.

All of the companies analyzed had breaches of a million records or more, were publicly listed on the NYSE at the time of the breach, and the occurrence of the breach was shared publicly.

The report discovered that while six months after the breach the affected companies were rebounding with share prices on the stock market, the initial impact of a data breach resulted in underperforming on the NASDAQ. This indicates that while share prices may rebound, the long-term financial solvency of a company may be greatly impacted.

The industry of a breached company is one of the primary determining factors for stock-health post-breach, with finance companies topping the list of those hardest hit.

“They suffered the largest initial downturn following breaches on average, sinking over 17% against the NASDAQ after 16 market days,” stated the report. “Although the stocks performed better against the market post-breach than pre-breach, they still underperformed on the NASDAQ by a difference of 2% after six months.”

Technology companies, such as Sony, Apple, and T-Mobile, showed a more gradual decline in stock prices, but despite  outperforming the NASDAQ prior to the breach, these companies were still underperforming six months after.

E-commerce/social media companies, such as Yahoo, LinkedIn, and Facebook, had a sharp decline in stock prices immediately following a breach but showed a greater likelihood of outperforming the NASDAQ six months later.

The report also found the higher the sensitivity of data breached, the greater the impact on the stock market.

All companies need to ensure they are taking appropriate steps to maintain a high level of cybersecurity to avoid any potential data breaches. Companies that are publicly traded need to be even more careful or they risk added negative financial impacts from the stock market.

Want to learn about cybersecurity? Capitol Tech offers bachelor's, master's and doctorate degrees in cyber and information security and is designated as a National Center of Academic Excellence in Cyber Defense by the National Security Agency (NSA) and the Department of Homeland Security (DHS). To learn more about this designation click here.

Many courses are available both on campus and online. To learn more about Capitol Tech’s degree programs, contact admissions@captechu.edu.