Following a data breach, corporate share prices drop by an average of 1.8% on a permanent basis, a new study from CGI has found.
That's an average of $150 million (£120 million) in losses due to a cyber attack.
The group has summarized this phenomenon in what they've called the Cyber-Value Connection, meaning that when a damaging cyber incident occurs, the brand value and share price decreases and results in further losses to the company.
However, losses can be much worse than just 1.8%. Here are the top 10 industry sectors representing the largest decrease in share price:
Different industries experience a decrease in share prices differently. Those in the media and communications or the financial sector tend to do worse. The study shows a 2.7% drop in financial and a 2.6% drop in communications, compared to the average of 1.8% decrease in share prices.
The financial sector has much stricter regulations, and consumers place a much higher degree of trust in these institutions to protect their money; so when a breach occurs, the effects are much more substantial.
In the communications field, identity theft and improper account access are found at higher rates than other industries.
Raf Sanchez, International Breach Response Manager at Beazley, an insurance company, said: "Organizations are collecting more, and more detailed, data about their customers and seeking to monetize this data. The rapid evolution of the regulatory landscape for this data, especially in Europe, means that many organizations are subject to increasingly onerous compliance regimes at a time when the number and nature of cyber risks is growing exponentially."
With GDPR set to roll out in May of 2018, stricter data breach notifications will mean harsher penalties too. Mishandling data will now cost companies 4% of their total global revenue, or €20 million, whichever is higher.
And that's just the fine for failing to protect data; there's still the loss in share price and damage to your brand on top of that.
The report concludes: "The Cyber-Value analysis reveals the connection between severe cyber breach and permanent damage to company value. Adverse publicity surrounding recent public breaches means that cyber risk is increasingly on the radar for investors and regulators alike. Combined, this means cyber is a critical issue for the board and, specifically, the CEO."