Companies experienced an average stock price decline of 5 percent immediately following the disclosure of a cyber breach, according to a new survey by the Ponemon Institute. In addition to a decline in stock value, 31 percent of consumers surveyed say they discontinued their relationship with the company that had a data breach and 65 percent lost trust in the breached organization. Additionally, according to the study, “organizations with a poor security posture experienced an increase of up to seven percent customer churn, which can amount to millions in lost revenue.”
Despite the negative consequences of data breaches on brand reputation, 39 percent of information technology (IT) practitioners and 36 percent of chief marketing officers (CMOs) surveyed by Ponemon “don’t believe that brand protection is taken seriously in the C-Suite.”
For the report (commissioned by Centrify), the Ponemon Institute surveyed 113 companies that experienced a data breach resulting in the loss of customer data. The results of the survey, including responses from IT practitioners, CMOs and consumers, were published in the report The Impact of Data Breaches on Reputation & Share Value: A Study of Marketers, IT Practitioners and Consumers in the United Kingdom. This survey indicated that data breaches have far-ranging, long-term financial and reputational consequences, yet senior management does not take these threats seriously enough.
Data breaches affect many organizations in every industry. Forty percent of IT practitioner respondents and 23 percent of CMOs in this study say their organization had a data breach involving the loss or theft of more than 1,000 records containing sensitive or confidential customer or business information in the past two years. On the consumer side, 51 percent of those surveyed say in the past two years they have been notified by a company or government agency that their personal information was lost or stolen as a result of one or more data breaches.
The majority (79 percent) of consumers surveyed believe organizations have an obligation to take reasonable steps to secure their personal information. Sixty-four percent of CMOs and 66 percent IT practitioners agree this statement. Ponemon concludes that in order to protect brand and reputation, the C-Suite and boards of directors must address consumers’ expectations about how their personal information is used and secured.
Companies should have a good security posture in order to mitigate the reputational and financial damages a data breach can bring. The survey found that companies that self-reported a strong security posture and quickly responded to breaches recovered their stock value after an average of 7 days. In contrast, companies that had a poor security posture at the time of the data breach experienced a stock price decline lasting on average for more than 90 days. Yet the report states that 70 percent of IT practitioners do not believe their companies have a high level of ability to prevent breaches.
Ponemon suggests that companies can improve their security by having a dedicated chief information security officer (CISO), adequate resources, participate in threat sharing programs, and make strategic investment in appropriate security enabling technologies.
Read the full report here.