A typical severe cyberbreach results in the permanent loss of 1.8% of a company’s value relative to a control group of its competitors, according to The Cyber-Value Connection, a study by IT consultancy CGI and Oxford Economics. This share-price hit translates into a £120 million (about $155 million) loss of market capitalization for an average FTSE 100 firm.
The researchers examined share-price changes in the wake of publicly disclosed breaches across seven global stock exchanges since 2013. For the 65 severe breaches studied, the cumulative cost to investors was £42 billion (about $52 billion). Two-thirds of firms saw share price adversely affected after a breach, with the greatest losses in financial services. In extreme cases, companies lost up to 15% of their value.
Given the low rates of breach reporting among European firms and increasing legal and regulatory costs—particularly related to the EU’s General Data Protection Regulation, which takes effect in May 2018—CGI noted the probability of dramatically bigger losses to come across financial markets.