Do data breaches influence investors?

data-breach.pngThere is no denying data breaches have serious consequences including penalties for disclosure violations and non-compliance, and a host of other things like ‘brand damage’ that are harder to quantify. But do data breaches really have any impact on a company’s stock price? A recent article proposed that it did not, and actually offered some fairly compelling evidence to that effect. To summarize, data breaches cause an initial stock drop, but they rebound fairly quickly.  What’s compelling is the supporting evidence and the sheer number of companies whose stock reflected this.  It’s the who’s who of high profile breaches (Heartland Payment Systems, T.J. Maxx, JPMorgan Chase, Adobe Systems, et al).  I don’t think it tells the whole truth, though. Let’s examine that through the Target breach and see why the paradigm might be shifting.   

 

Investors so far seem to have been willing to treat each data breach as a one-time occurrence - that hasn’t changed. What has changed is the consumer.  According to the Ponemon Institute, corporations who suffer a data breach lose customers. Any additional customer losses Target suffers will only exacerbate their current tough retail climate and serve to further diminish revenues. And if that happens, the stock will be affected.  Security is simply in the public consciousness as it hasn't been before.  One simple reason is that this is probably the first time a lot of Target’s customers had to receive a new credit card because of a data breach.  And if you lose the trust of the public to handle their credit card numbers, you have a problem.

 

In addition to a drop in consumer trust, there were (and are) a lot of other influencing headwinds (among them a tougher than anticipated to crack Canadian market) that have all impacted Target’s stock. But to say that the attack Target suffered had no impact on its stock price is to believe the data breach wasn’t mentioned during the board meeting when it was decided to change CEOs.   

 

Stock brokers are better at securities than security. However, they can tell a lot about a company by its reaction to negative events such as a data breach. The truth is, data breaches give companies an opportunity.  Having a response plan matters. Achieving compliance is easy. Achieving security is not.  Companies would do better to implement standards such as BSIMM instead of relying on compliance requirements or other government suggestions that although must be met simply don’t go far enough in protecting data. And as for Target? Their stock has not yet recovered fully, and part of that simply has to be both the timing and scale of the data breach they suffered during the last holiday season.  Perhaps the retail industry is simply more susceptible to a loss in consumer confidence. But so far, Target indicates that data breaches can have more than a short term influence on the price of a company’s stock.

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation