It’s no secret that data breaches can be incredibly expensive, but many organizations may not consider the hidden and long-term costs, which are often obscured by the more obvious and immediate expenses associated with forensic investigations, customer notifications, and paying for identity theft protection.
In a new eBook from ExtraHop, we look at the total cost of recent data breaches at six organizations, including the impact on organizations’ stock prices and quarterly earnings. In the five public companies we examined, net income was down an average of 73 percent in the third quarter following each company’s breach announcement.
Stock prices sank at four of the five public companies.
IBM’s Cost of a Data Breach Report from 2023 found the average cost of a data breach in the U.S. to be $9.48 million, with the global average increasing 2.3% from 2022 and 15.3% from 2020. Our eBook looks at six large data breaches, with total costs ranging from about $160 million to over $1 billion, showing that costs can be astronomically higher than the average.
In addition, the eBook references a 2021 study by Comparitech, saying that companies reporting breaches tend to underperform the stock market. One year after the data breaches were reported, the stock price of the companies studied fell 8.6% on average and also underperformed the NASDAQ by 8.6%. The average share price of a breached company underperformed NASDAQ by 11.9% after two years and 15.6% after three.
In our research, net income dropped significantly at all five public companies we studied, in some cases turning significant gains in the quarters from a year earlier into losses in quarters following the data breaches.
One company reported drops in net income of more than 150 percent in back to back quarters shortly after its data breach. Another company reported a drop of more than 700 percent in net income in a quarter shortly after its data breach.
Meanwhile, stock prices were down between 11 percent and 35 percent one month after the data breaches at four of the five public companies. Three months after the breaches were reported, stock prices at these four companies remained lower than the price immediately before the data breaches.
Beyond the drops in stock prices and in quarterly earnings, some of the companies paid out huge settlements in class-action lawsuits and paid tens of millions of dollars in legal fees related to the breaches.
Our research underscores the real and palpable financial impact of data breaches and reveals that the costs of a data breach go way beyond the number of records impacted or any immediate, direct costs. We hope this report gives security leaders a clearer and more accurate picture of the lingering, end-to-end financial impact of a data breach that will resonate with their senior leadership teams and boards of directors. With this data, we hope the readers have the information necessary to see the value of investments in the security controls they need to detect and prevent crippling data breaches.
Explore findings from our research, The True Cost of a Security Breach.