Hacked companies underperform by ‘42% after three years’

The security and privacy advice and comparison website, Comparitech.com, has today released the results of a study that looked at companies who have experienced a data breach and the effects on their stock prices over time.

It analysed the closing share prices of 24 companies, most of which are listed on the New York Stock Exchange (NYSE), and found that over time, companies that were the subject of a data breach tend to underperform the market.*

“Data breaches stain the reputations of companies both big and small, damaging the brand and reducing consumer trust, and sometimes the consequences can affect the company for years to come,” said Paul Bischoff, researcher and privacy advocate for Comparitech.com.

>See also: UK firms sleepwalking into cyber attack chaos

“A data breach can harm both public sentiment and a company’s competitive edge in the market depending on the type of breach. In this study, we wanted to quantify that “sentiment” and assess the impact on investors through Wall Street’s reaction to a data breach.”

Comparitech.com analysed the closing share prices of 24 companies, including Apple, Adobe, Anthem, BetFair, Countrywide, Community Health Systems, Dun & Bradstreet, Ebay, Experian, Global Payments, Home Depot, Health Net, Heartland Payment Systems, JP Morgan Chase, LinkedIn, Monster, T-Mobile, Sony, Staples, Target, TJ Maxx, Vodafone, VTech, and Yahoo. The analysis started the day prior to the public disclosure of their respective data breaches of at least 1 million records leaked, with some surpassing 100 million.

The key analysis found that stock prices continue to rise overall in spite of data breaches, but much slower than they did previously, and companies that suffered data breaches tended to experience an immediate but small decrease in share price.

>See also: Ignorance is not bliss when your data has been hacked or stolen

Breached companies tend to underperform the NASDAQ. They recover to the index’s performance level after 38 days on average, but after three years the NASDAQ ultimately outperforms them by a margin of over 40%. Compared to the NASDAQ, the sample of stocks performed poorly on average. Strangely, larger breaches had less of an impact on share price than smaller breaches.

More recent breaches had less of a negative impact on share price than older ones, perhaps due to ‘breach fatigue’. Indeed, breaches could be increasingly tolerated by the market over time.

Finance companies experienced the largest immediate decline in share price directly after a breach, but internet businesses, such as e-commerce and social media companies, suffered the most in the long term.

Intuitively, breaches of highly sensitive data, such as credit card and social security numbers, had a greater impact on the immediate drop in share price following a breach than companies that leaked less sensitive info, such as email addresses. The sensitivity of breached data had a less clear impact on share price in the long term.

>See also: The world’s biggest data hacks revealed

“Our one-year model shows their share prices experienced an immediate 2.84% drop versus the NASDAQ and took 38 market days to recover on average,” said Bischoff. “The model shows the stocks outperformed the NASDAQ until day 175, at which point they start falling again. Three years later, share price had fallen 42 percent relative to the NASDAQ baseline.”

*  The more time that passes after a breach, the more other factors not related to the data breach start to influence stock price and introduce noise. Please read the blog post for more details on stock performance and our methodology for measuring it and presenting the results


The UK’s largest conference for tech leadershipTech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Data Breach