[BreachExchange] £42bn: The damage to UK investors from 'severe' cyberattacks since 2013

Thu Apr 13 17:04:20 EDT 2017

http://www.ibtimes.co.uk/hackers-cost-uk-business-investors-42bn-decimating-ftse-share-prices-1616821

Businesses have increasingly come under attack by hackers
<http://www.ibtimes.co.uk/nca-cybercrime-report-estimates-2-11-million-uk-victims-cybercrime-1569556>
over the past few years but the massive negative impact data breaches can
have on companies' valuations is not yet fully quantified. A recent study
conducted by Oxford Economics reveals that "severe" cyberattacks have cost
UK
<http://www.ibtimes.co.uk/uk-vows-strike-back-against-cybercrime-1-9bn-spending-package-announced-1589255>
business investors close to £42bn since 2013.

The study, commissioned by CGI Group, revealed that cyberattacks can
adversely affect
<http://www.ibtimes.co.uk/nhs-websites-defaced-by-tunisian-islamist-hackers-display-horrific-photos-war-syria-1605353>
FTSE 100 companies' shares, with stock prices falling 1.8%, on average,
after a "severe breach". This translates to a loss of £120 million, on an
average, for investors in a typical FTSE company. But in some extreme
cases, breaches have wiped out as much as 15% of affected companies'
valuations.

The study also highlighted the financial sector is becoming increasingly
concerned and more vigilant about cybersecurity. A recent survey of buy
side investors across the UK, Europe, US and Asia found that most of them
would "lower post close valuations if either party in the merger had
suffered a breach."An example of this would be the Verizon-Yahoo
acquisition deal. Following Yahoo's disclosure of massive data breaches
that affected millions of user accounts, the deal underwent an 8% cut.

The survey also found that since 2014, a quarter of all investors took an
investment decision based on the security capabilities of a firm.

*How are industrial sectors affected by breaches?*

The study examined around 315 data breaches, focusing on 65 "severe" and
"catastrophic" attacks
<http://www.ibtimes.co.uk/top-10-devastating-hacks-that-surfaced-2016-1598117>
that targeted seven global stock exchanges since 2013.

The report said, "There is evidence that the impact of cyber attacks on
<http://www.ibtimes.co.uk/wonga-hack-personal-details-nearly-250000-uk-customers-likely-stolen-by-hackers-1616219>share
price has become more pronounced over recent years. Severe or catastrophic
cyber breaches appear to produce markedly different impacts across
different market sectors."

The level of impact that a cyberattacks has differs from one sector to
another. The report said that the retail, travel and hospitality industries
suffered relatively lower impact "as companies in these
sectors increasingly rely on online sales channels."
[image: Cyberattacks impact on UK businesses]Cyberattacks can adversely
affect FTSE 100 companies' shares, with stock prices falling 1.8%, on
average, after a breachOxford Economics / Gemalto / Bloomberg

The report pointed out that retail, media and communications firms appear
to suffer more cyberattacks because of "account access" and "identity
theft". Whereas the technology and industrial sectors primarily suffer more
breaches focused on "financial access".

Raj Samani, chief scientist at McAfee, told *IBTimes UK*, "This latest
research revealing the detrimental impact cybercrime can
<http://www.ibtimes.co.uk/us-uk-other-nato-members-team-counter-cyberattacks-fake-news-1616620>
have on an organisation's market value should serve as a warning to
corporations across the globe. Data breaches damage far more than a
company's reputation, often hitting the bottom line hard."

Dr Andrew Rogoyski, the vice-president of cybersecurity services at CGI UK,
told The Independent: "Healthcare is an example of a sector that suffers a
large number of breaches but isn't necessarily targeted, because there
aren't many ways to monetise attacks on health companies, yet."

He added, "Companies that perform financial transactions tend to be
targeted because of the potential for cyber criminals to make money out of
them."

*Recent attacks had more severe impacts*

The study also found that the severity of negative impact on firms' share
prices has escalated in attacks that occurred in the last 18 months.

Over the past few years, UK businesses have suffered significant breaches,
affecting thousands of customers' data, with payday lender Wonga being the
latest victim.

McAfee's Samani added, "Corporations cannot afford to dismiss cyber
security as a problem which just belongs to the IT department. The
financial future of a corporation – and often that of its customers – can
hinge upon the security of its business and user information.

"It is crucial for executives, including the CFO and CEO, to take an active
role in understanding the level of cyber risk they're exposed to in order
to implement an appropriate, effective cyber security strategy. This
process should include assessing the value of the company's data assets and
implementing mitigation strategies appropriately proportioned to the level
of risk involved."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170413/aca5db5b/attachment.html>