Data Breach Impact On Companies Felt Long After Initial Hack

Posted by Anna Lothson on Jul 14, 2017 11:27:10 AM

As explored in a post last month, we detailed the fallout suffered by companies that experienced data breaches. The conclusion? The scope is expansive and has a long-term impact on brand value and customer trust.

A new study takes that theory to the next level., a site that offers security and privacy advice, conducted a study of 24 companies that have experienced a data breach — comparing what happened to their stock after the breach.

The result? Over time, the companies felt the sting, which was reflected in the stock market.

“Our one-year model shows their share prices experienced an immediate 2.84% drop versus the NASDAQ and took 38 market days to recover on average,” Paul Bischoff, researcher and privacy advocate for, was quoted in a report by ReadITQuik.  “The model shows the stocks outperformed the NASDAQ until day 175, at which point they start falling again. Three years later, share price had fallen 42 percent relative to the NASDAQ baseline.”

Included in this report were major companies that made breach news in past years — Target, Home Depot, Anthem, etc. — but also organizations like Heartland Payment Systems and JP Morgan Chase. Because these companies are all publically-traded, it’s easier to unearth the long-term effects a breach has on their company value. For smaller organizations — like private community banks and credit unions — the impact may not be as publicly known, but internally the weight will be felt just as much, if not more.

“Data breaches stain the reputations of companies both big and small, damaging the brand and reducing consumer trust, and sometimes the consequences can affect the company for years to come,” Bischoff said.

The Data Breach Customer Impact Value

Not only can a breach hinder a company’s ability to compete in the market, based solely on public perception, the conclusion of this study showed companies continued to underperform long after the data breach was initially discovered.

As anyone who follows what’s happening on The Street knows, a rumor or a small glitch can dramatically impact a company’s stock value. For banks and credit unions with cards impacted by these threats, the impact is even longer lasting since compromised cards typically pass through multiple breached merchants. The study also showed that the companies most impacted by breaches, in terms of share price, was finance companies. Specifically, breaches involving credit card data and social security numbers affected share prices the fastest post-breach.

Interestingly, what the study also showed was that after a data breach was initially announced, there was little impact on a company’s stock. The real impact was felt long after. Initially, companies all saw an immediate, but small, drop in share prices. The recovery period, however, showed these companies faced a slower increase rising back to normal prices post-breach.

On the NASDAQ, these companies took more than a month to recover to their normal figures; in a three-year period, breached companies continued to underperform.

Data Breaches: The New Norm?

In a similar study by Ponemon Institute, it breaks down the impact of a data breach on a company’s reputation and share value. In the study is showed:

  • The stock value index of 113 companies surveyed declined an average of 5 percent the day the breach was disclosed.
  • Companies with a poor security posture were found to experience stock prices drop as much as 7 percent.
  • Additionally, 120 days post-breach, these company did not fully recover the pre-breach share price. Companies with poor security posture also experienced
  • Conversely, companies with a
  • 31 percent of all surveyed consumers impacted by a breach stated they discontinued their relationship with an organization that experienced a data breach, and 65 percent lost trust in that organization.

New data from Identity Theft Resource Center (ITRC) shows that in a one-year period, between June 2016-2017, there have been 758 data breaches recorded, with more than 12 million records exposed since Jan. 1 of this year alone. That’s a 29.1 percent increase in the number of breaches in a one-year period. For 2016, the total breach figure reported by the ITRC was 1,093 breaches. By this pace, 2017’s figure is estimated to be roughly 1,500.

With fraudsters getting smarter and savvier with their techniques, even as new FinTech innovations enter the market, it’s expected the cost of fraud is only going to continue to rise — as are the number of breaches. What are you doing to keep up?