Centrify-Commissioned Ponemon Study Finds Stock Prices Fall an Average of 5 percent, Customer Churn Can Increase as Much as 7 percent and Brand Reputation is Tarnished After a Data Breach is Disclosed
Only 39 Percent of IT surveyed say their organizations have a high ability to prevent a data breach and 66 percent don’t believe protecting their company’s brand is their responsibility.
May 15, 2017
Santa Clara, CA — Centrify, the leader in securing hybrid enterprises through the power of identity services, commissioned a new Ponemon research study that revealed data security breaches can negatively impact an entire organization — including sales, marketing and IT — and have a significant negative impact on company finances and shareholder value. Specifically, the study found that the stock value index of 113 companies declined an average of five percent the day the breach was disclosed and experienced up to a seven percent customer churn. What’s more, thirty-one percent of consumers impacted by a breach stated they discontinued their relationship with an organization that experienced a data breach. And while the study found a data breach has a significant impact on brand reputation, a surprising 66 percent of IT practitioners don’t believe their company’s brand is their responsibility.
“Data breaches are very real business and bottom line concerns. This reality was recently seen when a popular fast food chain’s stock rose as much as 6.8% after reporting better than expected Q1 earnings, but then saw its gains chopped in half when it revealed it had a breach. The fallout can be significant and may even be a reason to relieve the C-Suite of its duties,” said Tom Kemp, CEO of Centrify. “This new report serves as a wake-up call to every organization that security isn’t just about protecting data, it’s about protecting the business. It is no longer just an IT problem — it must be elevated to the C-suite and boardroom because it requires a holistic and strategic approach to protecting the whole organization.”
The Impact of a Data Breach on Reputation and Share Value study is unique because it presents the views of three diverse groups who have in common the ability to influence share value and reputation. Ponemon Institute surveyed 448 individuals in IT operations and information security, 334 senior level marketers and corporate communication professionals and 549 consumers.
Miscalculation of Security Risk on Shareholder Value
The Ponemon study found a direct correlation between a data breach and stock decline, customer churn and revenue loss and the organization’s security posture. The following findings are based on a sample of 113 companies that experienced a material data breach
- On the day a breach was disclosed, the share value index dropped an average of five percent.
- Companies with a poor security posture, were found to drop as high as seven percent and, 120 days following a breach, the company did not fully recover the share price it enjoyed immediately prior to the breach.
- Companies with a high security posture saw a decline of no more than three percent. And, 120 days following the breach, the company was found to successfully rebound, showing a three percent gain in the stock price prior to the attack.
- Organizations with a poor security posture experienced an increase of up to seven percent customer churn, which can amount to millions in lost revenue.
- Thirty-one percent of consumers impacted by a breach stated they discontinued their relationship with an organization that had been breached, and 65 percent lost trust in that organization.
Blind Spots in the C-Suite with Costly Consequences
The study showed a data breach has a significant impact on brand reputation, but the internal disconnects illustrate vulnerabilities across the organization.
- More than half (56%) of IT practitioners are not confident they have the ability to prevent, detect and resolve the consequences of a data breach and more than half fear a breach will cost them their job. By contrast, 63 percent of CMOs are far more optimistic their company would quickly recover from a serious breach.
- Eighty percent of CMOs and IT Practitioners have a blind spot on the impact of a breach on a company’s stock price. Only 20 percent of CMOs and 5 percent of IT practitioners say they would be concerned about a decline in their companies’ stock price. In organizations that had a data breach, only 5 percent of CMOs and 6 percent of IT practitioners say a negative consequence of the breach was a decline in their companies’ stock price.
- A data breach out-ranks a scandal involving the CEO. Breaches rank in the top-three most negative impacts to brand reputation following terrible customer service and environmental disaster.
- 45 percent of IT practitioners and 42 percent of CMOs don’t believe that brand protection is taken seriously in the C-suite.
Alarming Reality for Consumers
There is a disconcerting gap between consumer expectations and corporate perspective when it comes to the protection of customers’ personal information.
- Eighty percent of consumers believe organizations have an obligation to take reasonable steps to secure their personal information. However, only 65 percent of CMOs and 64 percent IT professionals agree.
- Seventy percent of consumers believe organizations have an obligation to control access to their information, but less than half of CMOs and IT security practitioners believe this is an obligation.
The Ponemon study surveyed 448 individuals in IT operations and information security, 334 senior level marketing professionals and 549 consumers. To determine the impact a data breach has on stock value, 113 benchmarked global public companies that experienced a data breach involving consumer data were selected for this analysis. These companies, which represented 16 industry sectors, were indexed against a match sample of companies that did not experience a data breach during the test period. The Security Effectiveness Score (SES) referenced in this study is determined by utilizing the Ponemon Institute’s proprietary benchmark database and is derived from rating numerous security features or practices, including but not limited to, having a full-time CISO, employee training and awareness programs, regular audits and assessments of security vulnerabilities, and policies to manage third-party risk. This method has been validated from more than 50 independent studies conducted for more than a decade. Download the full report at http://www.centrify.com/lp/ponemon-data-breach-brand-impact/.
Centrify redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. As the only industry recognized leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify is enabling over 5,000 customers, including over half the Fortune 50, to defend their organizations. To learn more visit www.centrify.com.
The Breach Stops Here.
Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Service are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.
Ready to protect against the #1 Attack Vector?
Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.