Publicly traded companies lost a combined £42 billion ($52.7 billion) in shareholder value between 2013 and the first half of 2016 because of publicized cybersecurity breaches, according to a joint study by information technology provider CGI and Oxford Economics.
The value of financial services firms was impacted the most by breaches, with those firms seeing their average share price fall 2.7% by the Friday after a breach, according to the study, “The Cyber-Value Connection.” Communications firms were the second-most impacted, with a 2.6% decline.
A company's share price, as listed on seven global stock exchanges, was reduced by an average 1.8% on a permanent basis immediately following a breach, according to the study. For an FTSE 100 firm, that percentage loss would mean an average permanent loss of £120 million in market capitalization.
The report looked at 65 cybersecurity breaches it ranked as severe or catastrophic; 38 of those occurred in the U.S. and another 14 in the U.K. Other breaches looked at in the study occurred in Japan, France, South Korea and Italy.
Andrew Rogoyski, vice president of cybersecurity at CGI in the U.K., estimated that in Europe, only 10% to 20% of major breaches were reported, and future losses could be up to 10 times higher when European Union regulations requiring disclosure of all cyberbreaches take effect in May 2018. Public U.S. firms are required to report cybersecurity breaches to the Securities and Exchange Commission.