The analysis revealed companies' share prices fall by an average of 1.8 percentage points on a permanent basis after a severe cyber incident.
In addition, some cyber incidents have "wiped as much as 15 off affected companies' valuations," the analysis showed.
Key Findings from the Analysis
The Cyber-Value Connection examined the reduction in company value that arises from a cyber incident, and key findings from the analysis included:
- A cyber incident likely will cause a company's share price to fall. Two-thirds of companies said they had their share price adversely impacted by a cyber incident.
- The value impact of cyber incidents on companies' share prices varies across industries. On average, financial companies suffered the largest decline (2.7 percentage points) in share price after cyber incidents, while retail, hospitality and travel businesses experienced the smallest (0.4 percentage points).
- The impact of cyber incidents on companies' share prices is getting worse. In 2015 and 2016, companies' share prices fell by an average of 2.7 percentage points after a cyber incident. Comparatively, businesses' share prices declined by an average of 0.2 percentage points after a cyber incident in 2013.
Companies are facing greater scrutiny from investors and regulators alike as key stakeholders become more sensitive to cyber incidents, the analysis revealed. As such, CEOs must allocate the necessary time and resources to understand and manage cyber threats.
"Clearly, the CEO has responsibility for increasing company value. With the link between cyber breach and company value ... it is clear the CEO's responsibility must also include direction and governance of cybersecurity," researchers noted in the analysis.
Protect Your Customers Against Cyber Threats
- Perform a security risk assessment. Learn about security risks and how these dangers may impact a company's bottom line.
- Protect networks and devices. Deploy a password policy that requires passwords to be updated at least every 90 days, along with firewall, virtual private network (VPN) and antivirus technologies to safeguard endpoints and networks.
- Maintain up-to-date software. Complete software updates and patch management regularly.
- Control computer access. Require employees to use key cards or implement other security measures to reduce the risk that unauthorized users can gain access to sensitive data stored on business computers.
- Establish clear-cut cybersecurity policies. Distribute a list of cybersecurity best practices and instructions to all employees.
- Offer cybersecurity training. Develop a mandatory cybersecurity training program for employees.
With this checklist, MSSPs can help customers safeguard their applications, data, infrastructure and networks effectively.