Over the years I’ve seen a disturbing trend, where there must be a school where vendors and information security professionals are taught to invoke fear into business leaders by claiming that an incident will have a severe impact on its stock price. Considering most companies and its leaders are measured on the stock price, this is a very strong statement. I’ve personally never quite believed this and decided to take some time out to dive into the stock impact of some breaches to see if this truly is a concern. Keep in mind there is nothing scientific about this data and it doesn’t take into account repercussions over the long haul from incidents stemming related to nation state espionage (Perhaps that is another research endeavor).
Let’s take a look at some high profile data breaches that made the news (Data As of Jan 14, 2015):
While there is nothing scientific to this study, there are a couple of interesting data points above and I think it begins to lend credibility to the argument that breaches don’t have a material impact to stock price, either at the end of the day or over the long haul. Diving deeper into the intraday stock data you can sometimes see a dip during the announcement, but generally it is a blip and the stock returns to normal. The Target breach is perhaps the most interesting one, but I suspect they will be back on track within the year. Overall though, my conclusion- ironically enough- is that I may begin to invest in a stock immediately after a breach hits the news and hold for a while.
As time permits (or if you have a request), I’d be happy to piece other stock breach data together and add to this, just message me on twitter (@SeanAMason).