Data breach incidents can be catastrophic for any organization, resulting in large fines, loss of user or customer trust, and public image damage. However, a recent research conducted by information security specialists has found that these incidents could in fact be beneficial for some companies.
As you may recall, a data breach involves unauthorized access or disclosure of personal information records. Most countries have legislation applicable in these cases, although not all governments in the world similarly punish such incidents.
Information security specialists stress that any company could be impacted by such incidents, as it does not influence whether they are public or private organizations and no matter the industry sector to which the company belongs. Whether it’s airlines, banks, public institutions and e-commerce sites, they’re all exposed to a data breach.
One of the main indicators for measuring the impact of a data breach on a company is the price of its shares. Information security services firm Comparitech has conducted an analysis of some companies listed on the US stock exchange for the purpose of determining the impact that a data breach has on the stock performance on a compromised company.
From the study of 33 different cases, the researchers found that, on average, a company affected by a data breach lost 7.3% of the value of its shares; in the worst cases, stocks could fall for up to 15 consecutive days.
Yes, this is an undesirable scenario, although the investigation took a surprising turn. About six months after the incident, all affected companies achieved even higher growth than in the six months prior to the data breach (an average of 7.1% compared to previous growth of 4%).
In addition, researchers found that the more recent the data breach is, the larger it causes a decline in the price on the shares of the affected companies. For the companies concerned, financial institutions were the hardest hit, while health care companies suffer to a lesser extent the financial impact of these incidents.
According to information security specialists from the International Institute of Cyber Security (IICS) one of the possible causes of this revaluation is the way in which companies handle these incidents. After suffering a data breach, a company can update its security policies and practices, in addition to its IT infrastructure, to finally undergo audits that demonstrate an improvement in its it security systems, supporting its growth after completing cybersecurity incident recovery processes.
However, Comparitech experts recognize that their research only focuses on analyzing the price of a company’s shares, adding that other variables, such as legal proceedings against affected companies, also influence performance in the stock exchange.