A UK study suggests that major cyber security attacks launched against companies in recent years have wiped at least £42bn (US$52.4bn) off the value of their shares.
The research commissioned by cyber security consultant CGI and conducted by business management consultant Oxford Economics found that a “significant connection between a severe cyber breach and a company’s share price performance” with the share price typically falling by an average of 1.8% on a permanent basis.
Investors in a typical FTSE 100 company would be worse off by an average of £120m after a breach, according to the study. The data analysed 65 “severe” to “catastrophic” cyber security breaches out of a total of 315 breach events since 2013.
Andrew Rogoyski, CGI’s vice president of cyber security in the UK, believes that “only around 10% to 20% of the major breaches companies suffer in Europe are currently made public, so lost shareholder value across European markets could rise by as much as a factor of 10” when regulation requiring companies to notify users of a breach within 72 hours is introduced in May 2018.
“We are beginning to see city analysts, venture capital firms and credit ratings agencies factor cyber security readiness into the way they assess firms,” Rogoyski added. “This is positive and should encourage boards across the world to treat cyber security as an enterprise-wide risk.”
Oxford Economics collated the data using the Gemalto ‘Breach Level Index’, which records all disclosed cyber security breaches to have affected listed firms between 2013 and 2016. Two in three firms suffered an adverse impact on their share price after being targeted by a cyber breach, with the financial services sector hit hardest, followed by companies in the communications industry
“Financial services experience the greatest burden in terms of impact, reflecting the high levels of regulation, the importance of customer confidence and the potential for financial fraud to be a facet of the breach,” the report’s authors state.
Commenting on the report, Jake Summerfield, managing director of event manager The Network Group Events, said that it was important to remember that not all cyber-attacks necessarily result in a hit to share prices.
“From our close work with chief information security officers (CISOs) from the FTSE 250 at the Financial Services Information Security Network event, in many cases where cyber-attacks do occur shareholders are not affected, and it’s often down to the way firms respond to a breach.
“Even with investment in cyber-security measures, no firm is 100% safe from a potential attack. Whether or not an assault impacts share price is therefore down to how a company responds to a suspected breach, and whether the way they store their data is compliant with data laws. After all, there are two types of company: those that have been hacked, and those that don’t know they’ve been hacked.”
Rising interest rates, excitement around blockchain use cases and cross-border payments were all hot topics at this year's AFP conference in San Deigo.
On-Demand Treasury Management Solutions continue to gain increased adoption in the US and EMEA regions.
The US dollar and debt yields falling on the North Korea missile test, treasury being a top target for cyber criminals and why treasurers aren't into real-time payments all hit the latest headlines in the world of treasury this week. Don't miss our ten top news stories from around the world.
Treasurers are being expected to do more work with fewer resources than ever before, so it is little wonder that the automation of day-to-day operations was highly discussed on the second day of EuroFinance, the annual treasury event held in Barcelona this week.