The losses are on get to get even worse – especially with GDPR on the way.
Cyber-attacks that lead to security breaches have been found to inflict permanent damage to FTSE share prices, causing massive loss of value for investors.
The permanent cost of a breach is equivocal to 1.8% of company value, which would cost FTSE 100 firms a loss of £120 million in market capitalisation. The study shows that investors have already lost at least £42 billion due to public domain cyber security incidents since just 2013.
Behind the report are CGI Group, the fifth largest independent information technology and business process service firm worldwide, and Oxford Economics, a commercial venture with Oxford University’s business college.
Andrew Rogoyski, Vice President of Cyber Security at CGI in the UK “As identified in CGI’s Global 1000 Outlook report, cyber security is a still a top priority for businesses, but business leaders, policy makers and investors still have work to do to take cyber security risk far more seriously… We are beginning to see City analysts, venture capital firms and credit ratings agencies factor cyber security readiness into the way they assess firms – this is positive and should encourage boards across the world to treat cyber security as an enterprise-wide risk.”
This problem is made all the more concerning given the low percentage of breaches that are disclosed to the public, leaving investors uninformed of events that can have a permanent impact on the value of the company.
Ian Mulheirn, Oxford Economics, commented: “The study shows a significant connection between a severe cyber breach and a company’s share price performance. It was found that, on average, a firm’s share price was 1.8% lower in the wake of a breach than it would otherwise have been in the week following an attack. However, in some cases the relative share price fall for affected companies was much higher, with one attack lowering the company’s valuation by 15%.”
The study is based on economic modelling from Oxford Economics, which conducted an ‘Event Study’ analysing a sample of public cyber security breaches since 2013 across seven global stock exchanges, based on information from the Gemalto Breach Level Index. A sample of 65 ‘severe’ and ‘catastrophic’ cyber security breaches were then analysed to indicate the impact of these more significant attacks on company share price performance.
When the cumulative impact on shareholder value is considered the 65 severe cyber security breaches have cost investors £42 billion in total. However, it is important to note this figure includes only publicly known severe breaches – the true amount of company value lost due to cyber attacks is likely to be far higher. Furthermore, the cost of cyber attacks to investors is likely to skyrocket in the near future, as the General Data Protection Regulation means firms operating in Europe must disclose cyber attacks.
Richard Brown, Director EMEA Channels & Alliances at Arbor Networks said: “The fact that cyber-attacks have cost global investors at least £42bn in recent years is shocking and once again highlights the serious situation businesses are facing. Attack methodologies are evolving by the day and with share prices falling by an average of 1.8% following a severe breach, organisations can no longer afford to be complacent about their cyber security strategy.”