Cybersecurity

Market-Changing Research Reveals Link Between Strong Cybersecurity and Stock Price

Jake Olcott | October 6, 2020

One of the biggest questions in cybersecurity now has an answer… and the implications are significant for investors, policymakers, corporate executives, and cybersecurity professionals alike. 

In recent years, various researchers have demonstrated that significant cybersecurity breaches cause material, short term declines in stock price and market share. These analyses are based on reviewing publicly disclosed breaches and tracking stock price post-breach. But while these “event-driven” studies uncovered a critical link between data breach and stock price, a different question remained unanswered: is there a relationship between “ongoing” cybersecurity performance and financial performance?  In other words -- would investing in companies with strong cybersecurity produce greater investment returns?  

We now know that the answer to this question is a definitive “yes.”  

BitSight and Solactive, a German index engineering firm, released new research demonstrating that a company’s ongoing, strong cybersecurity performance is an indicator of business performance.  Analysis shows well-performing BitSight rated companies actually outperform the benchmark index by approximately 1% to 2% with lower volatility.  For certain sectors, such as U.S. Technology, well-rated companies outperform the benchmark by 7%. The findings are an endorsement for the introduction of the Solactive BitSight Cyber Risk Index, a financial index that will enable investors to invest in companies who are top cybersecurity performers as measured by BitSight.  

Screen Shot 2020-10-05 at 4.45.59 PM

The findings from this research will have significant implications for the global marketplace of investors, policymakers, and companies themselves:

  • For investors, knowing that cybersecurity presents not only a risk but a potential opportunity to achieve greater financial returns will likely result in greater attention to cybersecurity performance by the investor community and the widespread incorporation of security performance information into the investment decision-making process. These findings may also differentiate cybersecurity from other non-financial information in that cybersecurity performance is actually critical, material information to be used during the investment process.  The Solactive BitSight Cyber Risk Index can be used as direct underlying or benchmarks of financial products such as ETFs or structured products across the following five index universe compilations: U.S. Market, European Market, Developed Markets, Asia-Pacific Market and U.S. Technology Market.

 

  • For policymakers, understanding that there is clear, measurable market value in ongoing, strong cybersecurity performance should help validate “market-based” policy approaches to cybersecurity. There has long been a global debate about whether “the market” could help address cybersecurity challenges, or if new regulatory requirements were necessary to address market failures. Knowing that investors may achieve greater returns on their investments by investing in strong cybersecurity performers should encourage policymakers to focus more on market-based solutions to global cybersecurity issues, including encouraging greater disclosure and transparency to the investor community.

 

  • For companies, knowing that cybersecurity is not only a risk but potentially a way of attracting investment will almost certainly result in significant changes in the way that senior executives, board members, and security professionals alike manage and measure cybersecurity performance inside of their organizations and communicate these initiatives to external stakeholders like investors. For example, security professionals should consider leveraging this research to justify security budgets and efforts to quantifiably, measurably improve security performance to the board and C-suite. With greater scrutiny of ongoing cybersecurity performance by investors, security professionals now have a chance to firmly establish their seat in the boardroom, making the business a more attractive investment opportunity by demonstrating the value of strong cybersecurity.

We believe that these findings are not only market-shaping… they firmly establish the value of BitSight’s measurements and analytics to the global marketplace. This is yet another independent, statistical validation of BitSight’s market-leading Security Ratings, further cementing the reason why the global marketplace -- investors, insurers, governments, and businesses -- trusts and uses the BitSight platform. 


Read our joint study with Forrester to learn how security is tied to financial performance

"Improved security measurement would greatly improve company financial performance and reduce risk. Nearly three quarters of C-level respondents say that improved security performance measurement would greatly or significantly improve company financial performance."

Forrester Study - Security Performance Management

 

 

Suggested Posts

CISO's Board Report Cyber Security Toolkit

When it comes to reporting to the board, there are plenty of tools at the CISO’s disposal. Looking at the right metrics and putting them in the right context can help turn your next board meeting into a source of confidence, not stress....

READ MORE »

Is Single Sign-On Secure? SSO Benefits for Remote Work

Remote work has always introduced unique and evolving cyber risks. In our “new normal” operating environment, where entire workforces have gone remote, IT security teams are facing an unprecedented challenge.

READ MORE »

Are Your Payment Card Vendors Maintaining PCI Security Standards?

The payment card industry (PCI) has long been a Holy Grail target for bad actors for obvious reasons. Visa, Mastercard, and American Express account for the bulk of the consumer financial activity in the United States. Breaching them would...

READ MORE »

Subscribe to get security news and updates in your inbox.