Skip to content ↓ | Skip to navigation ↓

Companies that experience a significant cyber breach see their share value fall by an average of 1.8 percent on a permanent basis, reveals a new research report.

Conducted by global advisory firm Oxford Economics, the report examined the impact of severe cyber incidents on company value in hopes of building the business case for improved security practices.

The firm analyzed 65 major breaches occurring between 2013 and 2016, as outlined in the Gemalto Breach Level Index. It compared the share price performance of affected companies to a control group comprised of organizations that had not been breached.

The ‘control’ organizations operated in the same industry and market, and had a similar number of employees.

“For a typical FTSE 100 firm the impact of 1.8 per cent equates to a permanent loss of market capitalization of £120 million,” explains the report – which amounts close to $150 million USD.

What’s more, the report also found that the negative impact on share value has worsened year-over-year. In the past 18 months, the figure has doubled, leading to a much more severe negative impact.

Meanwhile, industry experts believe the impending breach notification laws brought by the General Data Protection Regulation (GDPR) will likely cause this number to surge.

“Only around 10-20% of the major breaches companies suffer in Europe are currently made public,” said Andrew Rogoyski, cybersecurity vice president at IT services firm CGI, who commissioned the report.

“Lost shareholder value across European markets could rise by as much as a factor of 10 when the new regulations take effect in May 2018,” Rogoyski told Infosecurity Magazine.

In the most extreme cases, the report notes that cyber breaches dropped a company’s value by as much as 15 percent.

“It is no longer possible to regard cyber risk as a peripheral issue: it is increasingly clear that cyber security is a key factor in a business’s performance, reputation and, as we see in this report, its valuation. This makes cyber security a critical issue for the board,” the report concluded.

To read the full The Cyber-Value Connection report, click here.