[BreachExchange] Report Finds CEO Pay Rises After Data Breach

Destry Winant destry at riskbasedsecurity.com
Mon Mar 18 09:52:11 EDT 2019


A new research report from Warwick Business School at the University of
Warwick has found evidence that corporate cyberattacks lead to higher
profits for chief executive (CEOs) officers at those firms.

Reports in Business News Daily on Friday (March 15), co-authored by
Assistant Professors of Finance Dr. Daniele Bianchi and Dr. Onur Tosun,
found that data breaches at large organizations may cause financial losses
at those companies, but they eventually lead to greater investments in
their CEOs. The report examined instances of data breaches at 41 public
U.S. firms between 2004 and 2016, focusing on high-profile cyberattacks
that caused a drop in share value.

Despite the market value of those firms declining, the researchers found
that CEO pay increased during those years. That compares with CEOs at
public firms that were not hit by high-profile data breaches, whose
salaries decreased by an average of $2 million per year, reports said.

“At first sight, these results may look puzzling,” said Bianchi in a
statement. “However, they are consistent with the idea that the average
response is to invest more in the management to address possible structural
flaws, as well as maintaining the integrity of the firm in response to the
reputational damage it has suffered.”

Other findings of the report included that the immediate drop in share
value for organizations lasted just two days after news of a data breach
was made public. The biggest negative effects of data breaches also
occurred in the areas of shareholder dividend payments, and research and
development (R&D) investment.

“Incidents of security breaches that reveal sensitive and confidential
information can lead to litigation and government sanctions, but also to a
loss of competitive edge against competitors through a reduction of
resources dedicated to R&D, dividend payments or investments more
generally,” explained Tosun. “Companies are often reluctant to reveal
information about security breaches due to fear of both short-term and
long-term market reactions. Cybersecurity will, therefore, become an
increasingly important consideration for companies to avoid the damaging
fallout once a breach is made public.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20190318/58899d2b/attachment.html>

More information about the BreachExchange mailing list