Data breach drove 73% drop in profits of victim firms  

Public companies saw their net income drop by an average of 73% roughly one year following the announcements of a data breach, according to a report from ExtraHop that analysed the financial impact of several high-profile incidents. 

Industry research on the cost of a data breach has historically focused on the number of records stolen or people affected, overlooking long-term consequences, insurance premiums, or earnings results. 

To help business leaders better understand the full impact of a data breach, the analysis from ExtraHop looks at the costs associated with data breaches at six organisations, calculating the sum of regulatory fines, legal settlements, and cyber insurance, in addition to the longer-term effects on corporate earnings and stock price. 

Nearly all organisations analysed experienced a decline in quarterly earnings and stock prices after a data breach occurred. In one example, ExtraHop noted a company’s stock price fell by nearly 21% the day after the breach was reported, and net income dropped 27% year-over-year in the quarter the breach was reported. 

These losses are in addition to over $1 billion in reported costs, including regulatory fines, legal fees, and multiple settlements with consumers, businesses and individual states. 

“When a data breach hits, real people lose real money — it goes way past the upfront costs that accompany stolen records and the number of people affected,” said Patrick Dennis, CEO, ExtraHop. 

“Both investors and customers lose faith in the business, which has a ripple effect on the organisation for years to come,” said Dennis. “It’s important that corporate leaders take a hard look at their budget and make the cybersecurity investments they need to more effectively manage risk.”

According to ExtraHop, organisations need full visibility into their network to track the movement of potential intruders and identify security threats before they become business problems. 

With full network transparency, organisations can uncover the truth about attackers to see more of what they’re doing and stop them with greater speed, precision, and frequency.