This post was written by Cynthia O'Donoghue.
HBGary, developer of tools and services for protection from cyberspies and terrorists, conducted a new study discussing the impact of cyberattacks and data breaches on investor attitudes. The study, based on a survey of 405 U.S. investors, looked at investor attention to companies’ cybersecurity and which aspects of historical attack and breaches determined investment decisions.
The study highlights cybersecurity’s growing importance to investors, with more than 70 percent of those surveyed confirming they evaluate companies’ cybersecurity practices. A higher proportion, 78.1 percent of the survey participants, indicated they would be unlikely to consider investing in a company with a history of cyberattacks, and 68.7 percent would be disinclined to invest in a company with a history of data breaches.
The study notes that 66 percent of the investors were concerned with how a company responded to a cyberattack or data breach and only 25 percent were interested in the incident itself. This difference highlights that an organisation that suffers a breach must be seen to take decisive action both to remedy an incident and to ensure an effective response in order to avoid negatively impacting the company’s investment profile.
The study also looked at the type of incidents that were of most concern to an investor, with more than 57 percent viewing breaches of personal data more significant than incidents involving IP theft. Only 28.8 percent of investors expressed the opposite view.
This is a staggering outcome, given that IP and trade secret theft or loss is alleged to cost organisations billions of dollars, but it could be that the long-term impact and liability of the loss of personal data can be difficult to quantify. If the draft EU Data Protection Regulation gets passed by the European Parliament in its current form, cybersecurity breaches resulting in data loss could cost organisations up to 2 percent of their worldwide annual turnover, something that will likely result in an increased focus on cybersecurity due diligence when undertaking any investment decision.