Analysis: Looking at the stock market fallout following a high-profile data breach.
Share prices tumbling in the wake of a cyber attack is nothing new – TalkTalk shares plummeted 10% in the immediate aftermath of its October 2015 data breach, falling even further in the following weeks by 20%. Similar investor backlash was also seen in the wake of well publicised attacks concerning the likes of Carphone Warehouse, Sony and eBay.
However, it must be noted that it is expected, even obvious, that shares tumble in the event of a cyber attack. Cyber attacks garner bad publicity and put into question the infrastructure, processes and policies of a company. A cyber attack can transform a once attractive proposition, into a bad bet.
Therefore, it came as no surprise to see that Sage was one of the biggest fallers on the FTSE 100 on Monday, following the company’s disclosure that 300 UK company records may have been breached. Sage shares opened more than 4% lower, with the firm’s stock down 1.2% by early afternoon.
While Sage mirrors the share price tumble of companies like TalkTalk, Sony and Carphone Warehouse, there is one major difference. The latter companies all fell victim to an targeted, external attack, whereas the Sage data breach looks like the work of an insider who gained ‘unauthorised access using an internal login.” The fact that the breach may have been engineered by an insider has the potential to cause a much bigger FTSE fallout than those targeted by an external threat, as Jonathan Sander, VP of Product Strategy at Lieberman Software, told CBR:
“Some breaches are a flash in the headlines and done. Maybe they will buy back into Sage for a song if that's the case. But other breaches drag on and on, pushing stock values further and further down.
“And when the breach is related to an insider event, the potential is even worse. Unlike the easier to blame "hacker," the insider sourced beach leads to parades of investigations, policy reviews, staff shake ups, and more. None of that is good for business, and none of it inspired investor confidence."
Insider attacks cut to the core of an organisation – not only does it put into question security policies, authentication methods, segmentation, encryption, monitoring and other proven countermeasures, it also puts into question employees and the level of trust given to certain individuals in the organisation. When investors rely on confidence, the insider threat seems to shake that confidence far more than an external hacker.
This consequence of a cyber attack, specifically the insider threat, should act as a warning flag for companies of all sizes trading publicly, as Dr David Chismon, senior research consultant of MWR Infosecurity, told CBR:
“A general trend appears to be that the larger the company, the larger the security issue has to be to affect its share price. However the inverse is also true – that small companies can suffer large percentage drops in value as a result of a compromise. Indeed, there are cases of smaller start-ups that have failed as a result of a lack of confidence by investors following a breach.
"Small companies are at particular risk as a breach can lead to both hefty fines and avoidance by investors at a crucial time in the organisation’s growth. Larger companies' share prices may recover in time, however the increasing data breach penalties being discussed may push the cost of breaches up and hit profits, which may in turn hit share prices in a much more sustained way."
The details surrounding the Sage data breach remain murky. The company must be given due credit for its initial response in quickly alerting customers and informing the authorities. It is far too early to predict what will happen with Sage – will shares continue to tumble with the company making huge losses, reminiscent of TalkTalk? Or, will their quick response be rewarded with a FTSE bounce back, with share price recovering like Target?
It is worth ending with a reminder that many companies who have fallen victim to an attack have bounced back on the stocks. In the immediate aftermath there is the usual plummeting of price, yet prices do bounce back in the medium to long term. However, as all companies become digital businesses, maybe investors are looking a little more closely when companies get hacked. Maybe even more so when that threat comes from inside.