Companies hit with a data breach face wide-ranging financial repercussions, including stock prices that can fall up to 5% the day a breach is disclosed.
Further, according to research from the Ponemon Institute, victim companies also average up to a 7% customer churn—while 31% of consumers have discontinued a relationship with an organization that experienced a data breach. In fact, for consumers, a data breach is the No 3 most negative impact to brand reputation, following terrible customer service and environmental disaster. About 80% of consumers believe organizations have an obligation to take reasonable steps to secure their personal information, and 70% believe organizations have an obligation to control access to their information.
In other words, data security breaches can have a significant negative impact on company finances and shareholder value, as well as significant impact on brand reputation.
“Data breaches are very real business and bottom-line concerns,” said Tom Kemp, CEO of Centrify, which sponsored the report. “This reality was recently seen when a popular fast food chain’s stock rose as much as 6.8% after reporting better than expected Q1 earnings, but then saw its gains chopped in half when it revealed it had a breach. The fallout can be significant and may even be a reason to relieve the C-Suite of its duties.”
But even so, a surprising 66% of IT practitioners don’t believe their company’s brand is their responsibility. Only 65% of CMOs and 64% IT professionals agree that they have an obligation to secure personal information, while less than half of CMOs and IT security practitioners believe they should control access.
The Ponemon study also found a direct correlation between security posture and the severity of the stock decline, customer churn and revenue loss. Based on a sample of 113 companies that experienced a material data breach, companies with a poor security posture were found have shares drop as much as 7% the day of disclosure; 120 days following a breach, these companies did not fully recover the share prices they enjoyed immediately prior to the breach.
Companies with a high security posture, on the other hand, saw a decline of no more than 3%, while 120 days following the breach the company was found to successfully rebound, showing a 3% gain over what the stock price was prior to the attack.
Only 20% of CMOs and 5% of IT practitioners said they would be concerned about a decline in their companies’ stock price. In organizations that had a data breach, only 5% of CMOs and 6% of IT practitioners say a negative consequence of the breach was a decline in their companies’ stock price.
As for the internal disconnects, these illustrate vulnerabilities across the organization. More than half (56%) of IT practitioners said they are not confident they have the ability to prevent, detect and resolve the consequences of a data breach—and more than half fear a breach will cost them their job. By contrast, 63% of CMOs are far more optimistic their company would quickly recover from a serious breach.
“This new report serves as a wake-up call to every organization that security isn’t just about protecting data, it’s about protecting the business,” Kemp said. “It is no longer just an IT problem—it must be elevated to the C-suite and boardroom because it requires a holistic and strategic approach to protecting the whole organization.”