Dark Reading is part of the Informa Tech Division of Informa PLC

Threat Intelligence

4/27/2021
05:55 PM
Do Cyberattacks Affect Stock Prices? It Depends on the Breach

A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.

In the aftermath of a data breach, ransomware attack, or vulnerability disclosure, organizations may think about how the news will cause their stock price to dip. New research indicates that although security incidents do affect stock price, the size of this impact largely depends on the circumstances — and rarely lasts.

Alejandro Hernández, senior security consultant at IOActive, became curious about the correlation in a previous role when a company with which he was working discovered a "huge" software vulnerability. His colleagues began to speculate how much the stock would dip — some guessed 10%, others said 20%. The business's stock price fell only 3% that day, prompting him to start some new research.

Hernández began to closely examine the organizations that experienced vulnerabilities, security incidents, espionage attacks, or faced criticism for privacy concerns and misinformation. His data includes the company name, sector, type of issue or incident, details of the incident, date of disclosure, change in stock price, and the amount of time it took the stock price to recover.

For many of these incidents, the price drop was minor and recovery time was less than two weeks. But some have a larger impact: The 2017 Equifax breach, for example, kick-started a price drop that hit 31% a week after its disclosure. Many people thought the company would never recover, Hernández says, but its stock was back up within less than two years.

Of similar significance was the more recent SolarWinds campaign, which Hernández classified as an espionage operation because there was a nation-state involved. He says these attacks are among the most harmful to corporate stock price, sometimes leading to a drop of 17% to 20%.

"All of the problems that relate to national security around the entire country are the worst ones," he explains. But the stock price drop following disclosure of the SolarWinds attack was short-lived: Now, four months after disclosure, the company's stock is on its way back up.

While one might guess these two headline-making breaches might cause stock prices to fall, that logic can't be applied to all major incidents, Hernández says, as some have greater impact than others. The disclosure of vulnerabilities, for example, leads to a 4% price drop on average, and affected organizations recover within one month. For 40% of businesses that disclosed a vulnerability, their stock price wasn't affected at all.

[Hernández will share his data and observations at the upcoming Black Hat Asia virtual event in his talk, "A Walk Through Historical Correlations Between Vulnerabilities & Stock Prices"]

"On the other hand, incidents impact more than vulnerabilities, [with a] more than 5% drop," he continues. "The recovery depends on the amount and sensitivity of the data leaked," though he notes 63% of businesses hit with an attack recover in less than a month, even if sensitive data such as credit card information or personally identifiable information was compromised.

"Security incidents" is a blanket term for data breaches, ransomware attacks, and other events that might hit an organization. Of these, Hernández says ransomware does the most damage to stock price. In the short term, victims may not see a sizable difference; however, when it's clear that an attack will influence the entire quarter due to production and shipping delays, they will.

His research shows it's not only victim companies that are affected, but their parent companies as well. The Yahoo breach caused stock prices to fall for parent company Verizon; the disclosure of a vulnerability in WhatsApp in 2018 affected the stock for parent company Facebook. Similarly, organizations' stock price can be affected when a security issue affects their suppliers.

Security events only began to affect stock prices within the past few years, he points out.

"I have noticed that the older data breaches before 2015 did not have a sharp price drop, and they recovered in less than a week," says Hernández of earlier attacks affecting Sony, Target, JP Morgan, Home Depot, and Anthem. While all made headlines, the victim companies' stock prices didn't drop as he would have expected.

He attributes this change to the greater importance of cybersecurity among businesses and consumers, who now pay attention when a company they've shopped at has been breached. As security awareness continues to grow, Hernández anticipates cyberattacks, vulnerabilities, and other security issues will have a greater influence on stock price for victim organizations.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
 
