A data breach can have immediate and long-term implications for a company in terms of consumer trust and regulatory repercussions, but what does it mean for the company's stock? An analysis by Comparitech.com found that cyber incidents have a relatively subdued impact on publicly traded companies' stock.
Immediately following a data breach, stocks fell by an average 0.43%, about equal to their average daily volatility, the report found. Stocks continued to rise after disclosure of a breach, but at a much slower pace, according to the report.
In the three years prior to being hacked, share prices increased by an average 45.6%, the report found, but after an attack, average growth slowed to less than 15% in the following three years.
A comparison to the Nasdaq shows that breached companies tend to underperform the index by more than 40% after three years, despite initially recovering to the index level an average 38 days after the breach is disclosed.
The report examined stock performance of 24 companies hit by a data breach that resulted in at least 1 million customer records being lost or exposed. All the companies in the report were publicly listed on the New York, London or Hong Kong stock exchanges at the time they were hit. The resulting list includes companies from multiple sectors: Apple, Adobe, Anthem, BetFair, Countrywide, Community Health Systems, Dun & Bradstreet, Ebay, Experian, Global Payments, Home Depot, Health Net, Heartland Payment Systems, JPMorgan Chase, LinkedIn, Monster, T-Mobile, Sony, Staples, Target, TJ Maxx, Vodafone, VTech and Yahoo.
Not surprisingly, the more time that passes after a data breach, the less of an impact it appears to have on a stock's performance, the report found. What is interesting, though, is that more recent hacks were not as much of a drag on companies than those that happened prior to 2011.
"Prior to 2010, a data breach was a relatively new concept and it scared people; the idea that company had your information stored somewhere and a hacker could access it," Paul Bischoff, researcher and privacy advocate for Comparitech.com, and author of the report, told ThinkAdvisor. "It seems like pretty simple stuff now … , but back then it was still something that could scare investors off as well as scare customers off."