Are data breaches so common now that they're just the price of doing business? According to recent reporting from ZDNet, Wall Street investor "fatigue" has meant that companies that suffer a breach are less likely to take a major hit on the market.
The surge of attacks hasn't just hit Wall Street, but investors around the world. On Jan 25, Australia's securities regulator, the Australian Securities and Investment Commission (ASIC) announced that a security breach of its file-transfer vendor had resulted in sensitive information being exposed, according to Reuters.
A more muted reaction
There's no doubt that cybersecurity breaches are costing enterprises more than ever before. According to IBM's 2020 Cost of a Data Breach report, large companies are spending an average of $3.86 million on every breach incident, with some costing as much as $392 million and even more.
Where these breaches aren't hitting organizations nearly as hard, however, is on the stock market. ZDNet cited Comparitech's most recent annual report, which showed a reduction in the average dip of share prices following the disclosure of a data breach. According to the report, prices fall an average of 3.5% in the two weeks following disclosure, up from 7.27% as recently as 2019. While the immediate drop in prices following a breach was relatively limited, so too were any price surges after more extended periods of time. More than half of the studied companies still had lower stock prices six months after a breach than they did before the incident.
Researchers also noted that the severity of a stock price hit depended on the gravity of the data breach and the information compromised, with personal data most likely to cause a short-term stumble at the markets.
"Breaches that leak highly sensitive information like credit card and social security numbers see more immediate drops in share price performance on average than companies that leak less sensitive info, but in the long-term, they do not necessarily suffer more," the study read.
Comparitech's research was based on 34 companies listed on the New York Stock Exchange and 40 distinct data breaches that these organizations faced. Each selected incident involved at least 1 million records and was disclosed publicly.
Notably, the study does not examine the potential legal peril that enterprises who experience a data breach may find themselves in. Often, if a security breach is the result of human error or a lax cybersecurity protocol, an organization may find itself vulnerable to litigation in the form of class-action lawsuits, mass torts or other actions. This is especially true if the stolen data included sensitive customer information.
Data breach down under
While data breaches may be fazing investors less and less, they can still have an outsized impact on enterprises as well as the agencies that regulate them. The ASIC, for one, is still dealing with the cyberattack it faced. Credit-license applications were among the data compromised in this incident. In a statement, the agency noted that "there is some risk that some limited information may have been viewed by a threat actor" but noted that no files had been downloaded.
The attack was a part of a major data breach of Accellion's File Transfer Appliance, a program commonly used across multiple industries. Notably, the File Transfer Appliance product is over 20 years old, leaving it particularly vulnerable to a number of threats. Upon learning of the attack, ASIC was able to disable its server and prevent hackers from accessing any other parts of the agency network.
The financial sector isn't the only industry to feel the impact of the Accellion breach, however. Major law firms like Goodwin Proctor and Jones Day have each released statements following the breach. Other major Accellion clients include the state of Washington and several large university systems, such as the University of Colorado. Other Accellion clients in finance include the Reserve Bank of New Zealand.
Sound cybersecurity for every organization
From major corporations trading on the New York Stock Exchange to small businesses just getting started, effective enterprise cybersecurity is a must. One of the easiest and most important ways to shore up your network is by ensuring all of your applications are protected by modern, secure identity frameworks. This can include multi-factor authentication, and some vendors are even moving to integrate biometric recognition technologies such as fingerprint readers.