🍎 🍕 Less apples, more pizza 🤔 Have you seen Buffett’s portfolio recently?Explore for Free

Equifax Case And Other Cyber Attacks: How Stock Prices Are Effected

Published 05/09/2018, 02:06 PM
Updated 07/09/2023, 06:32 AM
EFX
-

Equifax (NYSE:EFX) is the poster child for data breach negligence. The company suffered from hackers exploiting a known and previously reported security vulnerability in their open source Apache Struts framework. As the story continues to unfold, it seems that the thieves got away with every piece of valuable information in their data vault, and instead of turning out the proverbial light, they took that too. In the last six months since the breach was reported, Equifax’s stock suffered an initial steep drop, but has been regaining its footing. Today its shares are down approximately 12% from prior to the reported breach. It appears that Equifax share price is weathering this storm quite well.

To Date – Cyber Attacks Have a Had a Limited Imact on Share Price

In fact, the effect of cyber attacks on share prices is arguably not very damaging. In July of 2017, a study showed a detailed analysis of stock prices for 24 public companies that lost more than one million records due to a cyber attack. Immediately following the breach, their shares on average suffered a decrease of 0.43%. This rate was approximately equal to their average daily volatility.

In the long run, share prices recovered, but at an impaired rate. The analysis showed a 45.6% increase in share price during the three year period prior to a company’s data breach. In the three years after, the company only enjoyed a 14.8% growth. Daily volatility remained consistent, as it was approximately the same for both periods.

Clearly, investors remained somewhat skeptical about managements’ ability to implement better security practices, reduce the effects of brand damage, retain customers, mitigate lawsuits and recoup lost opportunity costs. Regardless, most cyber attacks and successful data breaches may have had a rather small impact on share price due to the low costs associated with fines and lawsuits.


Open Source is Everywhere

More than 90% of the software in use today contains open source code. Open source pervades operating systems, network platforms and applications. This trend will only continue to grow because, by leveraging open source, developers can lower assembly costs and quickly add innovations. Without it, almost every gadget, cloud platform, banking network and phone system would shut down.

Whether software code is proprietary or open source, it harbors security vulnerabilities. Because of its transparency, open source code tends be better engineered than a comparable piece of proprietary code. And thanks to its flexibility, open source code is extensively used. This means that a security vulnerability in a piece of open source code is likely to exist across a multitude of applications and platforms. Consequently, open source software vulnerabilities become a “low hanging fruit” for hackers to target and attack.

Known Security Vulnerabilities are Prevalent.

The number of reported security vulnerabilities in open source code – the same kind of vulnerability that hackers used to exploit Equifax – is increasing. In 2017, the number of known security vulnerabilities in open source code nearly tripled that of 2016, from 6,447 to 14,712. Based on the reported number of security vulnerabilities in the first two and a half months of 2018, it appears that we will once again set a record this year. Consequently, we can expect to see many more corporate casualties from cyber attacks directed at known security vulnerabilities.

E.U. Driving Large Fines for Data Security Breaches

The E.U. has enacted data protection / breach fines that, on their own, will negatively and materially impact a company’s financial results, and likely their share price. On May 25th, the E.U. will legislate its landmark General Data Protection Regulation (GDPR) that was approved in 2016. Not only will the GDPR affect any organization located or doing business in the E.U., it will also impact organizations processing data of EU individuals, regardless of their own geographic location. Multinationals will have to adjust their practices in order to comply with the new, and more stringent, data privacy and protection policies from the E.U.

So what is the GDPR?

According to the official GDPR website, it is a law to “protect all E.U. citizens from privacy and data breaches in an increasingly data-driven world.” Its reach is broad, “it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.” And, the penalties are non-trivial, “organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).”

A Practical Examinination of the Effects of GDPR

Had the GDPR been in place at the time of the Equifax breach, the fines would have been significant. Based on estimated Equifax 2017 income, which has been delayed in reporting, 4% of its approximately $3 billion in revenues is $120 million. The days of sweeping security vulnerabilities under the rug in the E.U. are over.

Open source software development and use are irreversible trends in today’s businesses. And given the undeniable importance of the E.U market, organizations must adapt to comply with the GDPR. It is prudent for software development and IT teams to investigate and reevaluate, in-depth: the ramifications of GDPR, their client data and privacy procedures, the short-term risk mitigation potently offered by cyber security insurances and their plans and practices for finding and responding to open source security vulnerabilities.

Investors should examine, in great detail, corporations’ reported plans for complying with the new GDPR rules. Additionally, given the increased risk, shareholders should reevaluate and discount the share price of companies that have a track record of data breaches. Going forward, cyber attacks and data breaches will have a much larger impact on share price.

Latest comments

Loading next article…
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.