4/27/2021
05:55 PM
Do Cyberattacks Affect Stock Prices? It Depends on the Breach

A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.

In the aftermath of a data breach, ransomware attack, or vulnerability disclosure, organizations may think about how the news will cause their stock price to dip. New research indicates that although security incidents do affect stock price, the size of this impact largely depends on the circumstances — and rarely lasts.

Alejandro Hernández, senior security consultant at IOActive, became curious about the correlation in a previous role when a company with which he was working discovered a "huge" software vulnerability. His colleagues began to speculate how much the stock would dip — some guessed 10%, others said 20%. The business's stock price fell only 3% that day, prompting him to start some new research.

Hernández began to closely examine the organizations that experienced vulnerabilities, security incidents, espionage attacks, or faced criticism for privacy concerns and misinformation. His data includes the company name, sector, type of issue or incident, details of the incident, date of disclosure, change in stock price, and the amount of time it took the stock price to recover.

For many of these incidents, the price drop was minor and recovery time was less than two weeks. But some have a larger impact: The 2017 Equifax breach, for example, kick-started a price drop that hit 31% a week after its disclosure. Many people thought the company would never recover, Hernández says, but its stock was back up within less than two years.

Of similar significance was the more recent SolarWinds campaign, which Hernández classified as an espionage operation because there was a nation-state involved. He says these attacks are among the most harmful to corporate stock price, sometimes leading to a drop of 17% to 20%.

"All of the problems that relate to national security around the entire country are the worst ones," he explains. But the stock price drop following disclosure of the SolarWinds attack was short-lived: Now, four months after disclosure, the company's stock is on its way back up.

While one might expect these two headline-making breaches to cause stock prices to fall, that logic can't be applied to all major incidents, Hernández says, as some have greater impact than others. The disclosure of vulnerabilities, for example, leads to a 4% price drop on average, and affected organizations recover within one month. For 40% of businesses that disclosed a vulnerability, their stock price wasn't affected at all.

[Hernández will share his data and observations at the upcoming Black Hat Asia virtual event in his talk, "A Walk Through Historical Correlations Between Vulnerabilities & Stock Prices"]

"On the other hand, incidents impact more than vulnerabilities, [with a] more than 5% drop," he continues. "The recovery depends on the amount and sensitivity of the data leaked," though he notes 63% of businesses hit with an attack recover in less than a month, even if sensitive data such as credit card information or personally identifiable information was compromised.

"Security incidents" is a blanket term for data breaches, ransomware attacks, and other events that might hit an organization. Of these, Hernández says ransomware does the most damage to stock price. In the short term, victims may not see a sizable difference; however, when it's clear that an attack will influence the entire quarter due to production and shipping delays, they will.

His research shows it's not only victim companies that are affected, but their parent companies as well. The Yahoo breach caused stock prices to fall for parent company Verizon; the disclosure of a vulnerability in WhatsApp in 2018 affected the stock for parent company Facebook. Similarly, organizations' stock price can be affected when a security issue affects their suppliers.

Security events only began to affect stock prices within the past few years, he points out.

"I have noticed that the older data breaches before 2015 did not have a sharp price drop, and they recovered in less than a week," says Hernández of earlier attacks affecting Sony, Target, JP Morgan, Home Depot, and Anthem. While all made headlines, the victim companies' stock prices didn't drop as he would have expected.

He attributes this change to the greater importance of cybersecurity among businesses and consumers, who now pay attention when a company they've shopped at has been breached. As security awareness continues to grow, Hernández anticipates cyberattacks, vulnerabilities, and other security issues will have a greater influence on stock price for victim organizations.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...