Recent research suggests that companies suffering data breaches not only bear the cost of remediation but also suffer a significant drop in income. According to a report by ExtraHop, public companies experience an average net income decline of 73% within the first year of disclosing a breach, revealing the severe financial consequences of security incidents.
The study analyzed the overall costs associated with data breaches in six undisclosed organizations, considering potential regulatory fines, legal settlements, and cyber insurance expenses in addition to earnings impact. The report found that almost all organizations experienced a decrease in quarterly earnings following a breach, often leading to a significant drop in stock prices.
For example, one company’s stock price plummeted by nearly 21% on the day after disclosing a breach, accompanied by a 27% year-over-year decrease in net income in the quarter when the breach occurred.
Furthermore, these income losses are exacerbated by the additional costs that companies face after a breach. In the case studied, ExtraHop reported that expenses exceeded $1 billion, including regulatory penalties, legal fees, and settlements with consumers, businesses, and states.
The research revealed that net income declined by an average of 73% within nine to twelve months of a breach announcement for five of the organizations studied. Additionally, companies experienced a decline in quarterly earnings and a significant drop in stock prices following data breaches.
While economic and other business factors may have contributed to sluggish financial performance, the study emphasizes that there is no doubt about the impact of breaches on company performance.
Patrick Dennis, CEO at ExtraHop, highlighted the “ripple effect” of a security incident on company finances, including reputational damage and a loss of trust from consumers or clients. He emphasized the importance of corporate leaders reassessing their budgets and making necessary cybersecurity investments to effectively manage risk.
Data breach costs pose a considerable burden on organizations. Recent research by IBM revealed that UK businesses face average costs of £3.4 million following an incident. Although there has been a decrease compared to 2022’s average cost of £3.8 million, the figures from 2023 still represent a 9% increase from 2020, underscoring the escalating costs associated with data breaches in the past three years.
To protect consumers and businesses, stricter regulatory standards, such as the EU’s GDPR legislation, have been introduced in recent years. Last week, the US Securities and Exchange Commission (SEC) implemented rigorous reporting requirements for public companies encountering security incidents. The new rules, known as ‘Form 8-K,’ mandate the disclosure of a data breach or security incident within four days, including information on timing, scope, and potential impact on customers or clients.