A study entitled The impact of a data breach on reputation and share value, carried out by the Ponemon Institute for Centrify, found that many companies tended to under-estimate the true cost of data breaches.
A total of 749 Australian IT professionals were surveyed by Ponemon – 215 in IT operations and information security, 218 senior marketing professions and corporate communications practitioners, and 316 consumers.
The study was undertaken in view of the fact that Australia data breach laws take effect on 22 February 2018.
But when companies demonstrated that they took security seriously in the wake of a breach, the share value was recovered after an average of seven days. Those who adopted a lax posture found that the value came back only after an average of more than 90 days.
On the consumer side, a third of consumers affected by a data breach said they discontinued a relationship with an organisation that was hacked.
Forty percent of the Australian IT practitioners surveyed said their organisations had experienced data breaches involving loss or theft of more than 1000 records containing sensitive or confidential customer or business information in the two years preceding.
However, while it was found that data breaches affected brand reputation, more than two thirds of IT practitioners did not think it was their responsibility to protect their company's brand.
Centrify chief executive Tom Kemp said: "This report serves as a wake-up call to every organisation that security isn’t just about protecting data, it’s about protecting the business.
“Data protection is no longer just an IT problem. When a breach can decimate your valuation and decimate your customer base, it must be elevated to the C-suite and boardroom because it requires a holistic and strategic approach to protecting the entire organisation.
“No-one wants to be the next Yahoo!, which after suffering two massive data breaches affecting one billion accounts saw a $350 million reduction in the company’s sale price to Verizon.
“The bottom line is that security is a core business concern which demands the attention of the chief executive, the C-suite and the board of directors. The fact is a breach can damage a company’s image for good.”
Centrify cited the example of Chipotle’s stock which rose 6.8% after reporting better than expected Q1 earnings; those gains fell by half after the firm revealed a data breach while the cost to Chipotle shareholders was more than US$400 million.