Skip to content Skip to footer
0 items - $0.00 0
Menu

Data breaches affect stock market share prices (2021) by mooreds

0CommentsShare Post
Data breaches affect stock market share prices (2021) by mooreds
News

Data breaches affect stock market share prices (2021) by mooreds

October 29, 2023
0Comments
Share This Article
Share Post
Newsletter

Sed ut perspiciatis unde.

Subscribe

Send to HN

new york city charging bull

A data breach incurs serious consequences no matter whether a company is big or small. Staff get fired, executives issue apologies, and entire systems are overhauled to ensure that it doesn’t happen again. They instill doubt in consumers, damage the company’s reputation, and the impact can last for years. A data breach can harm both public sentiment and a company’s competitive edge in the market.

But how do investors react to data breaches? Does Wall Street punish companies that leak customer data? This is the question we will attempt to answer.

We analyzed the closing share prices of 34 companies, all of them listed on the New York Stock Exchange, starting the day prior to the public disclosure of their respective data breaches. Included are many of the largest data breaches in history; all of them resulted in at least 1 million records leaked, and some surpassed 100 million. Some companies were breached more than once, for a total of 40 breaches analyzed.

Some of our key findings include:

  • Share prices of breached companies hit a low point approximately 110 market days following a breach. Share prices fall -3.5% on average, and underperform the NASDAQ by -3.5%
  • Six months after a breach, the companies we analyzed performed worse than they did in the six months prior—just barely. 21 out of 40 breaches resulted in worse stock performance versus the NASDAQ in the six months after a breach than they did in the six months prior. In the six months leading up to a breach, average share price grew +2.6%, compared to -3.0% following a breach. The companies underperformed the NASDAQ by -2.6% leading up to the breach, slightly better than the -3.0% underperformance six months after.
  • In the long term, breached companies underperformed the market. After 1 year, Share price fell -8.6% on average, and underperformed the NASDAQ by -8.6%. After 2 years, average share price fell -11.3%, and underperformed the NASDAQ by -11.9%. And after three years, average share price is down by -15.6% and down against the NASDAQ by -15.6%. It’s important to note the impact of data breaches likely diminishes over time.
  • Tech and finance companies saw the largest drop in share price performance following a breach, while ecommerce and social media companies were least affected
  • Breaches that leak highly sensitive information like credit card and social security numbers see more immediate drops in share price performance on average than companies that leak less sensitive info, but in the long term they do not necessarily suffer more

The companies include: Apple, Adobe, Anthem, Community Health Systems, Capital One, Dun & Bradstreet, Estee Lauder, Facebook, First American Financial, Ebay, Equifax, Global Payments, Home Depot, Health Net, Heartland Payment Systems, JP Morgan Chase, LabCorp, LinkedIn, Marriott International, MGM Resorts, Microsoft, Monster, Quest Diagnostics, T-Mobile, Sony, Staples, Target, TJ Maxx, Under Armour, Vodafone, Walgreens, Yahoo, and Zynga.

Methodology

Excluding statistical outliers, we analyzed the share prices of these companies chosen on the following criteria:

  • They experienced a breach of 1 million or more records
  • They were publicly listed on the NYSE at time of breach disclosure
  • The breach has been publicly disclosed

At first, we simply looked at whether the share price went up or down, but this method fails to account for market forces beyond the scope of the study. To control for this, we opted to add a second stage to the analysis. In this stage, we compare the performance of each stock with the NASDAQ for the same time period, and calculate the difference in performance between them. The NASDAQ is a common standard for overall market performance, and most of these stocks are listed on it. We used a NASDAQ composite index as a benchmark for the wider market. Here’s the formula:

(((Company prices on day X after breach)/(Company price on day prior to breach)-1)*100) - (((NASDAQ prices on day X after breach)/(NASDAQ on the day prior to breach)-1)*100)

Essentially, we anchor the NASDAQ index performance to zero. That means if a company’s stock fell 1% and the NASDAQ rose 2% in the month after a data breach, the calculated decrease is 3%. If the NASDAQ fell 2% and the company’s stock price rose 2%, we report an increase of 4%. If the NASDAQ rose 2% but the company only rose 1%, that’s a 1% decrease versus the market. Finally, if the company’s stock price falls 2% but the NASDAQ falls 3%, then the company still sees a relative increase of 1%.

In short, we make the NASDAQ’s performance the baseline instead of zero. We are primarily concerned with the following:

  • the effect of a data breach on closing share price at various time intervals
  • the percent difference in closing share price performance versus the NASDAQ over the same period of time from the day prior to a breach,
  • and how long it takes for a share price to “bottom out” after a breach.

Historical stock data was downloaded in September 2019.

We analyzed all of the stocks together and then split them up by different factors to see if we could spot any patterns. These factors include the year of the breach, the size of the breach, the sensitivity of the leaked info, and the industry of the company. These findings, while insightful, are less statistically significant due to the smaller sample size.

Stock exchanges are only open on business days, which means no weekends or holidays. Here’s a quick reference that roughly converts business days to total time:

  • One year: 253 business days
  • 9 months: 198 business days
  • 6 months: 132 business days
  • 3 months: 66 business days
  • 1 month: 22 business days
  • 1 week: 5 business days

While we use daily means to present our findings in this article, we additionally include polynomial trend lines in our visualizations to better represent the data.

Limitations

One of the biggest limitations to this study is sample size; there aren’t many companies that fit the criteria.

As with any financial market study, there is a huge slew of factors that could affect stock price which we cannot account for. While we’ve tried to minimize blindspots by comparing share price performance against that of the NASDAQ, there are bound to be some unexplained inconsistencies.

Two noteworthy factors that we did not cover in this analysis stood out most. The first: payouts. If a data breach leaks particularly damaging information that ultimately incurs financial damages to a company’s customers, and the company was shown not to have adequately protected the information leaked in that breach, then customers often sue in class-action lawsuits. These usually result in settlements, in which the company forks out millions of dollars to reimburse customers for damages. This does not always happen and the amount paid out varies, so we simply don’t have enough data to fit a practical model that shows how these settlements affect stock prices.

The second is financial reports. This would perhaps warrant an entirely separate study. We analyzed the share price starting with the day prior to when a data breach was publicly disclosed. While a company might divulge what information was leaked and how many records were affected in that initial disclosure, other consequences might not be revealed until the company releases its requisite quarterly shareholder report. This could include loss of sales or users, diverting funds to invest in data security, or other important information related to the breach that could cause investors to jump ship.

Stock prices suffer following a breach, but perhaps not as much as one might assume. After 14 market days, or roughly three weeks, share prices drop -3.5% on average. In the six months leading up to a breach, average share price grew +2.6%, compared to -3.0% following a breach. However, the companies underperformed the NASDAQ by -2.6% leading up to the breach, slightly better than the -3.0% underperformance six months after.

The NASDAQ comparison gives a similar result. 14 market days after a breach, average share price bottoms out and underperforms the NASDAQ by -3.5%. After six months, the average share price performance falls -3.0% against the NASDAQ.

We compared the average daily volatility for the six months prior to breach against the six months after. Average daily volatility across all stocks decreased slightly from 0.405% to 0.349%

Long term effects of data breach on share price

In the long term, breached companies underperformed the market. After 1 year, Share price fell -8.6% on average, and underperformed the NASDAQ by -8.6%. After 2 years, average share price fell -11.3%, and underperformed the NASDAQ by -11.9%. And after three years, average share price is down by -15.6% and down against the NASDAQ by -15.6%.

These findings seem to indicate that breaches have an overall negative effect on share price in the long term. However, it’s important to note two important factors that could influence the results. The first is that some of the companies we analyzed were breached relatively recently, so we don’t have a full three years worth of post-breach data for every company. The sample size at three years is smaller than

Read More

Tags:
0Likes
Leave a comment

Leave a comment

In the Shadows of Innovation”

© 2025 HackTech.info. All Rights Reserved.

Sign Up to Our Newsletter

Be the first to know the latest updates

Whoops, you're not connected to Mailchimp. You need to enter a valid Mailchimp API key.