Discovering your company has experienced a data breach can have severe consequences. Not only does it impact those directly affected by the leak – such as your customers and employees whose data has been stolen – and your business, if confidential information is shared, but it can also negatively affect your long-term share price.
A 2021 study by Comparitech revealed that in the long-term, breached companies tend to underperform the market. They analysed the closing share prices of 34 companies listed on the New York Stock Exchange – including Apple, Facebook, Estee Lauder, JP Morgan Chase and Sony – from the day before they publicly disclosed the data breach. They found that, whilst the impact of the breaches likely diminished over time, all saw their share price consistently fall. After 1 year, it fell -8.6% on average, and underperformed the NASDAQ by -8.6%, and after three years, the average share price was down by -15.6% and down against the NASDAQ by -15.6%.
They also found that tech and finance companies saw the largest drop in share price performance following a breach, while e-commerce and social media companies were least affected.
The example of Okta
A recent example of the impact data breaches have on stock price is Okta – an employee and customer identity solution provider. In October 2023, it lost USD 2bn of its market value, with the share price falling 11%, in just two days following a disclosure that an unidentified hacking group had accessed client files through a support system.
Given their business is centred around helping companies manage and secure user authentication into applications, this incident didn’t instil confidence in their customers or the market. And this isn’t the first time the company has been impacted by a security breach. Earlier in 2023, the Okta installations of casino’s MGM and Caesars were attacked, using a sophisticated social engineering attack that went through IT help desks. This resulted in more than USD 100m in direct and indirect losses.
This example shows that not only is it crucial to make sure your own systems are secure against social engineering attacks, but that your suppliers’ systems are too. Given that the fall-out of a data breach can spread beyond one single company, particularly if they are a service provider, it’s important to work with suppliers that you can trust.