The Impact of Data Security Breaches on Company Value

Keeping a business secure is a never-ending race, with cyber attackers and bad actors seemingly always one step ahead. While business organizations are investing in security technologies at unprecedented rates, attack methods are evolving similarly. That calls for additional cybersecurity investments and technologies. According to Gartner, over $188 billion will be spent on information security products and services in 2023, and global spending will exceed $262 billion over the next three years at an 11 percent annual growth rate.

Cybersecurity spending trends reflect the impact of a cybersecurity incident on a company’s value. A data breach incident can affect a company's stock price by 7.27 percent on average. Furthermore, this decline in stock value is separate from the direct damages of data breach incidents, which is an average of $9.44 million for U.S.-based companies.

All of these numbers point to a simple fact: business organizations must operate in a secure environment and prevent data breach incidents to protect their market value.

An organization's market value is inherently tied to two key factors: the potential to generate revenue; and resilience to prevalent risk factors. A security breach of sensitive information assets is one of the primary risks that can affect an organization’s growth and revenue potential and, thus, its market value over the long term.

Since the pandemic, many business organizations have adopted the work-from-home model that hinges on ubiquitous access to sensitive business information and IT services. Most organizations rely on cloud-based data platforms – some managed by internal IT – to meet these evolving demands on data access controls. However, this approach leaves organizations vulnerable to cyberattacks. 

With the increasing engagement of end-users – for both internal business operations and external customer engagements – through online channels, organizations are aggregating information assets and integrating IT services in cloud-based data platforms. The technology centralizes the storage of data assets and streamlines real-time information access. 

But what happens when a vulnerable external IT service is integrated into your platform? Consider the case of the massive data breach that hit 500 e-commerce vendors in a single day. The targeted vendors all used the Magento 1 e-commerce platform, which was compromised when malware was injected into the site. The attackers then accessed a hoard of sensitive financial information across vendor sites, including credit card data and passwords.

Similar cyberattacks have hit U.S. healthcare organizations to steal sensitive electronic health record (EHR) data assets, which are then held hostage for ransom. According to recent research by the U.S. Department of Health and Human Services, the healthcare industry's cost of a data breach is $9.23 million on average.

In addition to the ransomware, government regulations such as HIPAA and the EU’s GDPR impose large fines and penalties on companies that failed to secure sensitive Protected Health Information (PHI) – up to $1.5 million per incident.

The costs incurred from direct revenue losses, exposure of the intellectual property and trade secrets, and legal repercussions and fines–not to mention crisis PR management–all add up to be a huge financial burden that can inflict severe damage onto a company.