FTSE 100 investors could lose hundreds of millions as a result of cyber crime share price hits
Severe cyber attacks have cost global investors at least £42bn in recent years according to a new in-depth study published this morning.
Security breaches directly correlate with lower share prices, according to a report from CGI Group and Oxford Economics.
It reveals that share prices fall by an average of 1.8 per cent on a permanent basis following a severe breach.
Investors in a typical FTSE 100 firm would be worse off by an average of £120m after a cyber attack.
Read more: Few businesses are ready for the biggest ever overhaul of data regulation
Oxford Economics examined a sample of 65 “severe” and “catastrophic” cyber security breaches since 2013 across seven global stock exchanges, in order to estimate the effect on share prices. Overall, it said the attacks cost shareholders £42bn.
In recent years high-profile cyber attacks have rocked companies such as Yahoo and Talk Talk. Just this week, payday lender Wonga said it had been hit by a severe data breach.
“In some cases the relative share price fall for affected companies was much higher, with one attack lowering the company’s valuation by 15 per cent,” said Oxford Economics wonk Ian Mulheirn.
Read more: The GDPR Doomsday Clock strikes a minute closer to midnight
UK firms presently have no specific breach-notification obligation under the The Data Protection Act. However, as of May next year, when the EU’s General Data Protection Regulation (GDPR) is enforced, all businesses handling EU citizen’s personal data will have just 72 hours to notify data subjects of a breach.
Andrew Rogoyski, vice president of cyber security at CGI in the UK, estimated that “only around 10-20 per cent of the major breaches companies suffer in Europe are currently made public, so lost shareholder value across European markets could rise by as much as a factor of 10 when the new regulations take effect in May 2018.”
A recent survey of FTSE 100 companies found 87 per cent stated that cyber security is a “principal risk” to their organisation. Rogoyski added: “We are beginning to see City analysts, venture capital firms and credit ratings agencies factor cyber security readiness into the way they assess firms – this is positive and should encourage boards across the world to treat cyber security as an enterprise-wide risk.”