Data Breaches Have Cost FTSE 100 Firms Approximately £120 Million

Numerous security experts have noted that data breaches at the Financial Times Stock Exchange’s (FTSE) 100 firms have cost approximately £120 million in market value.

£120 million isn’t really loose change that organisations and firms should disregard; it should be a wake-up call!

According to the Breach Level Index, almost 1.4 billion data records were lost or stolen in 2016. The statistics showed an 86% increase from the previous year. The Breach Level Index notes that:

“…more and more organisations are accepting the fact that, despite their best efforts, security breaches are unavoidable.”

I don’t believe this is good enough; the amount it’s costing the industry should be a strong incentive for firms and their security departments to ensure their cybersecurity is robust.

Drop in share price

According to Computer Weekly, top UK firms are incurring losses on their share price – as much as 1.8%! – as a direct result of data breaches.

The CGI White Paper notes that this figure has doubled in the past 18 months. They also note that, in extreme cases, data breaches have wiped as much as 15% off affected companies’ values.

Will more data breaches be disclosed?

Although these data breaches can have a significant impact on shareholders, the Cyber-Value Connection analysis suggests that data breaches will become more and more costly.

One of the reasons for this is because regulations like the Data Protection Act, the EU General Data Protection Regulation (GDPR), and the Network Information Security (NIS) Directive will enforce heavier compliance and punishments from companies. If they fail to comply with data protection regulations, fines – among other sanctions – can be imposed on them. From May 2018, the GDPR can also force companies to disclose data breaches, which should hopefully ensure that companies plan and manage, as well as report, cyber-attacks.

In the companies’ best interest

Surely it’s in the best interest for the CEO to address these security concerns? As the CGI study says: “the CEO has [the] responsibility for increasing company value”. With evidence to support the link between data breaches and the decrease in company value, it’s clear that CEOs must get their acts together to ensure direction and governance when it comes to cybersecurity for their company.

In the shareholders’ best interest

The report was based on the study of 65 ‘severe or catastrophic’ breaches at FTSE’s 100 companies in the past 4 years. It seems that shareholders are kicking the companies up the backside to take cybersecurity seriously. I mean, who wouldn’t when your investment depends on it? Why should shareholders lose value in their shares just because the company can’t seem to have adequate cybersecurity?

The CGI report reveals that shareholders have lost at least £42 billion since 2013 due to ‘severe’ data breaches. However, the report notes that this figure includes only the publicly known ‘severe’ breaches, and the actual amount lost is likely to be a lot higher.

How data breaches can directly affect share price

An example of how data breaches can affect company share prices can be shown in Yahoo’s data breach (2014). The tech giant reportedly compromised approximately 1 billion email accounts. In their sale with Verizon, Yahoo was forced to give a discount of $350 million (£271 million) after the breach in 2013 and 2014.

Cyber-security recommendations

Companies may wish to take up the CGI’s recommendations for effective cyber-security as follow:

Appoint someone at board level to be responsible for cyber security and know-how to address the risks and demonstrate leadership during times of crisis.
Include cyber security on every board agenda, reporting on: risk to the business; nature of sensitive data; and mitigation progress at a minimum.
Treat cyber security as a company-wide business risk and assess as you would with other key business risks such as major safety issues, environmental disasters, or accounting scandals.
Ensure the company understands the rapidly developing legal landscape that applies to cyber risk – in particular, begin preparing for the GDPR and NIS directives now!
Get specialist expertise to advise and inform the board; whether from internal teams or external advisors.
Set a programme of work to manage cyber risk, allowing a realistic time and budget.
Encourage discussion about risk appetite, risk avoidance, risk mitigation, and cyber security insurance.
Assume you have already been breached but you might not yet know about it. Take action to reassure yourself no such attack has taken place, but plan on the assumption that they have.

Source Info:

http://breachlevelindex.com/assets/Breach-Level-Index-Report-2016-Gemalto.pdf

https://www.cgi-group.co.uk/sites/default/files/files_uk/pdf/cybervalueconnection_exec_summary_lr.pdf

https://www.cgi-group.co.uk/white-paper/the-cyber-value-connection

http://www.computerweekly.com/news/450416724/Data-breaches-strip-tens-of-millions-off-UK-firms-market-value-study-shows

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.