Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

05:55 PM
Connect Directly

Do Cyberattacks Affect Stock Prices? It Depends on the Breach

A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.

In the aftermath of a data breach, ransomware attack, or vulnerability disclosure, organizations may think about how the news will cause their stock price to dip. New research indicates that although security incidents do affect stock price, the size of this impact largely depends on the circumstances — and rarely lasts.

Related Content:

Security Gaps in IoT Access Control Threaten Devices and Users

Special Report: Tech Insights: Detecting and Preventing Insider Data Leaks

New From The Edge: 10K Hackers Defend the Planet Against Extraterrestrials

Alejandro Hernández, senior security consultant at IOActive, became curious about the correlation in a previous role when a company with which he was working discovered a "huge" software vulnerability. His colleagues began to speculate how much the stock would dip — some guessed 10%, others said 20%. The business's stock price fell only 3% that day, prompting him to start some new research.

Hernández began to closely examine the organizations that experienced vulnerabilities, security incidents, espionage attacks, or faced criticism for privacy concerns and misinformation. His data includes the company name, sector, type of issue or incident, details of the incident, date of disclosure, change in stock price, and the amount of time it took the stock price to recover.

For many of these incidents, the price drop was minor and recovery time was less than two weeks. But some have a larger impact: The 2017 Equifax breach, for example, kick-started a price drop that hit 31% a week after its disclosure. Many people thought the company would never recover, Hernández says, but its stock was back up within less than two years.

Of similar significance was the more recent SolarWinds campaign, which Hernández classified as an espionage operation because there was a nation-state involved. He says these attacks are among the most harmful to corporate stock price, sometimes leading to a drop of 17% to 20%.

"All of the problems that relate to national security around the entire country are the worst ones," he explains. But the stock price drop following disclosure of the SolarWinds attack was short-lived: Now, four months after disclosure, the company's stock is on its way back up.

While one might guess these two headline-making breaches might cause stock prices to fall, that logic can't be applied to all major incidents, Hernández says, as some have greater impact than others. The disclosure of vulnerabilities, for example, leads to a 4% price drop on average, and affected organizations recover within one month. For 40% of businesses that disclosed a vulnerability, their stock price wasn't affected at all.

[Hernández will share his data and observations at the upcoming Black Hat Asia virtual event in his talk, "A Walk Through Historical Correlations Between Vulnerabilities & Stock Prices"]

"On the other hand, incidents impact more than vulnerabilities, [with a] more than 5% drop," he continues. "The recovery depends on the amount and sensitivity of the data leaked," though he notes 63% of businesses hit with an attack recover in less than a month, even if sensitive data such as credit card information or personally identifiable information was compromised.

"Security incidents" is a blanket term for data breaches, ransomware attacks, and other events that might hit an organization. Of these, Hernández says ransomware does the most damage to stock price. In the short term, victims may not see a sizable difference; however, when it's clear that an attack will influence the entire quarter due to production and shipping delays, they will.

His research shows it's not only victim companies that are affected, but their parent companies as well. The Yahoo breach caused stock prices to fall for parent company Verizon; the disclosure of a vulnerability in WhatsApp in 2018 affected the stock for parent company Facebook. Similarly, organizations' stock price can be affected when a security issue affects their suppliers.

Security events only began to affect stock prices within the past few years, he points out.

"I have noticed that the older data breaches before 2015 did not have a sharp price drop, and they recovered in less than a week," says Hernández of earlier attacks affecting Sony, Target, JP Morgan, Home Depot, and Anthem. While all made headlines, the victim companies' stock prices didn't drop as he would have expected.

He attributes this change to the greater importance of cybersecurity among businesses and consumers, who now pay attention when a company they've shopped at has been breached. As security awareness continues to grow, Hernández anticipates cyberattacks, vulnerabilities, and other security issues will have a greater influence on stock price for victim organizations.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.