From a stock price tumble, to losing customers and millions in revenue loss, there are some preventative actions against a cybersecurity attack that companies can't afford not to put in place.
A data breach can have a serious financial impact on a company. Research by Centrify and the Ponemon Institute suggests that a cybersecurity breach could have the following financial outcomes for an average-sized listed company:
- the stock price could fall by an average of 3 to 7 per cent when the breach is announced;
- the company could lose a significant number of customers; and
- there will be a corresponding loss in revenue averaging over $3 million.
Centrify's Tim Steinkopf, writing in Financial Executives Daily, points out that a lot of the damage is caused because companies tend to make security/data breaches public early on to avoid being accused of hiding the breach, but this means that they don't yet have all the facts about the circumstances and extent of the breach. He writes: “Investors don’t like this type of uncertainty, and rightly so.” This leads investors to want to withdraw from the company, for fear of the breach causing even greater damage.
The cost of not investing in security
But the news isn't all bad because, according to Steinkopf, there is a lot companies can do to mitigate the impact of a security breach. Having strong incident response plans in place, as well as a stable and experienced IT security team, plus having invested adequately in personnel and security technologies, especially identity and access management, are all important provisions that can make the difference between a stock price fall of 3 per cent of one of 7 per cent. And Steinkopf notes that there can be a huge difference between the two, with a value of millions of dollars in market capitalisation.
Companies who have invested in IT security and staff and are well prepared for a cybersecurity attack will suffer less of a stock price hit and will be able to recoup their losses from the breach within a week. Companies with a focus on security are also less likely to lose customers after a security breach, losing on average 2 per cent of customers, compared to companies not prepared for a security breach, which lose about 5 per cent of customers after an attack. Again, this translates into an average loss of more than $1.3 million.
CTMfile take: Tim Steinkopf's analysis really quantifies the risk of not taking preventative action to protect your company's data from a security breach. Putting in place an effective response strategy, together with investing in staff and IT, are some of the things companies can't afford not to do.
Cybersecurity is neglected by most companies in annual reports
A survey of annual reports published by 800 companies found that most are not providing enough data on their cybersecurity strategies and few consider it a boardroom issue
Cybersecurity performance can be managed, but only if measured
Creating and Measuring Effective Cybersecurity Capabilities - The Cybersecurity Risk Handbook
Cyberattacks using ransomware up 50%, financial services at risk
Ransomware attacks on companies increased by 50 per cent last year - and financial services is most-targeted industry