Security Risk Management

Investors DO Care About Data Breaches

Tom Turner | May 23, 2014

How do investors respond to a data breach?I just read a good article with a controversial title by Eric Chemi in Business Week, "Investors Couldn't Care Less About Data Breaches." Chemi asserts that based on the current stock behavior of eBay and the prior stock activity of Target, TJX, Sony etc. that investors don’t care about data breaches. I think it is wrong-headed to suggest that because a company gets hacked, it is therefore fundamentally unsound and investors should flee for their lives. So, this article has merit and shareholder activity of the representative companies seems to support that.

However what the author of this article misses is that breaches DO have seismic impact on companies in the same way that earnings misses, and law suits, and geo-political issues do. Investors may not immediately care about a breach, but customers do (given the choice between selling an article on eBay or Craigslist today, are you telling me that the breach is NOT a consideration?). Especially if an overhaul of business process (including security) doesn’t take place and isn’t made very visible to the customer. The stock drop of Sony, TJX and others may have been caused by investor fear in the wake of the breach, or by shrinking earnings due to customer fear of doing business with the company. Either way, the recovery of the stock (and the reputation of the company) had to include significant changes in operations, not to mention a very public push for improved security posture.

That is why cyber is now a boardroom issue, because hacks are expected and recoveries must be planned and executed.

Suggested Posts

Mitigating Risk in Your Expanding Digital Ecosystem

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on...


3 Ways to Ensure Best-in-Class Third Party Cyber Risk Management

An effective third party cyber risk management program both identifies potential threats and finds ways to mitigate them. Organizations should aspire to the highest possible standards when it comes to their security posture. To do so, they...


Cyber Risk Should Be A Growing Concern to the Municipal Bond Market

Following an increase in ransomware cyber attacks, most notably May 2017’s WannaCry attack, U.S. public sector entities are starting to see the effects of these attacks on the almost $4 trillion municipal debt market. As a result, issuers...


Subscribe to get security news and updates in your inbox.