The Impact of Cyber Breach on Company Market Valuation
Cyber breaches wipe out millions from your company valuation, permanently!
The fourth industrial revolution has cemented a path of inconceivable growth and digital transformation for many organisations, however, it has also introduced new and unfamiliar cyber threats, to the extent that it is now widely conceded that cyberattacks are a matter of when, not if.
There is very limited time between news of a cyber breach going viral and preparing a coordinated response that minimises the impact on stock value, reputation, loss of critical data and preventing ripple effects that could bring an organisation to its knees. In the ensuing hours of a cyberattack, timing is of essence in maintaining shareholder and stakeholder confidence despite limited information available owing to the complexity of the attack and increased sophistication of cyber criminals. According to a 2019 report by Comparitech,share prices of breached companies hit a low point approximately 14 market days following a breach. Share prices fall 7.27% on average and underperform the NASDAQ by -4.18%.The market reaction slowly adjusts as the organisation scrambles to ascertain the magnitude and impact of the attack, in some cases this is immediately apparent but in others it may take months or even years.
CGI has collaborated with Oxford Economics to create a rigorous model that captures the impact of a cyber breach on the company’s share price. The Cyber-Value Connection reveals that share prices fall by an average of 1.8 per cent on a permanent basis following a severe breach. To put that in context, investors in a typical FTSE 100 firm would be worse off by an average of £120 million. Applying the analysis methodology to the 65 companies whose severe breaches were used to compile this study, the cost to shareholders of these companies would be in excess of £42 billion.
But how does the market price in cyber breaches when faced with major events such as M&A?
Recall here the acquisition of Yahoo by Verizon in 2017 where the valuation was discounted by $350 million in the wake of two massive cyberattacks at Yahoo, closing the deal at $4.48 billion. Risks associated with cyber violations have become intrinsic to a company’s valuation. Research from(ISC)2 shows that 100% of the 250 surveyed M&A executives and advisors say that Cybersecurity audits are essential to the M&A process and have become standard practice.A staggering 49% say that the discovery of previously undisclosed breaches would derail the deal. On the plus side however, a solid cyber security framework is the backbone of a successful digitally enabled business and a growth catalyst, ultimately a determinant of organisational value.
As the wise saying goes,prevention is better than cure, the Oxford Cyber Futures programme empowers business leaders with insight and tools required to make strategic decisions around cyber security.