As we approach the holiday season, and with Black Friday having just passed, we’re taking a closer look at one of the biggest threats to the stock market this time of year: cyberattacks.
For decades, information security mainly operated in the shadows of organizations, a misunderstood skillset often left to its own devices. Now, however, companies are more vulnerable to data breaches as business operations have increasingly shifted online, from customer and vendor transactions, sales tracking and compensation figures, to name a few.
Industry breaches
This increased vulnerability raises the likelihood of reputational damage and a significant drop in share price. Take Capital One (NYSE:COF), for example. When the company disclosed that it suffered a data breach in July 2019, its share price immediately fell nearly 6 per cent in after-hours trading. In the two weeks that followed, the share price plummeted by nearly 14 per cent.
This story is far from unique. Equifax’s (NYSE:EFX) share price fell by 60 per cent after their cyberattack in 2017. And Indigo (TSE:IDG) lost C$50 million in its last fiscal year, because of a ransomware cyberattack that dropped the company’s share price by 10 per cent over the first week of the breach. The attack rendered Indigo’s stores unable to process debit, or credit card transactions for several days, and wiped out online sales for almost a month.
Surprisingly, not all companies experience major losses to their market value after a breach. The share prices of Norsk Hydro (OTCMKTS:NHYDY) and JPMorgan Chase (NYSE:JPM), for example, quickly recovered shortly after suffering cyberattacks in September 2019 and March 2014, respectively.
But determining causality between share price reactions and cyberattack disclosures is difficult. A range of factors impact share price after a breach, such as market sentiment, industry news, company size, or perceived seriousness of the cyberattack.
So why do some companies seemingly avoid major share price damage after a breach? Industry surveys and academic studies on the topic suggest that intricate incident response plans have an outsized influence on how investors react.
Responses including external statements that acknowledge the breach, and detailing the company’s remedial steps, along with offering support to those whose data might have been compromised, can be an invaluable step toward reassuring investors.
Cyberattack disclosure requirements
Strict, post-breach government disclosure requirements, such Canada’s Personal Information Protection and Electronic Documents Act, known as PIPEDA, obligate companies to report data breaches to the provincial privacy commissioner. This legislation also requires companies to notify potentially compromised individuals within a specific period.
Be sure to stay up to date on all the latest stock market news, including company security breaches and Stockhouse.com.
Join the discussion: Find out what everybody’s saying about public companies and hot topics about stocks at Stockhouse’s stock forums and message boards.
The material provided in this article is for information only and should not be treated as investment advice. For full disclaimer information, please click here.