A study by Warwick Business School has found that a CEO is more likely to receive a pay rise after a cybersecurity breach.

The study also finds that media reports of cyber-attacks leads to the share price falling as investors sell off. Companies then try and counter the effects by paying lower dividends and investing less in research and development for up to five years afterwards.

Go deeper with GlobalData

Data Insights

The gold standard of business intelligence.

Find out more

Access deeper industry intelligence

Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.

Find out more

Data breaches at 41 US-based publicly listed companies between 2004 and 2016 were  studied for the paper, entitled Cyber attacks and stock market activity.

The average CEO pay at firms not targeted by cybercriminals was found to fall more than $2 million per year in the ensuing five-year period.

Co-author the study, Daniele Bianchi, says: “At first sight, these results may look puzzling. However, they are consistent with the idea that the average response is to invest more in the management to address possible structural flaws, as well as maintaining the integrity of the firm in response to the reputational damage it has suffered.

“In the long run security breaches appear to have a more significant impact on firms’ strategies and policies than their cash flow.”

GlobalData Strategic Intelligence

US Tariffs are shifting - will you react or anticipate?

Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.

By GlobalData

The study focused only on breaches reported in the media. This suggests the effect is likely to be experienced even more widely now with GDPR in place, forcing companies to report data breaches no more than 72 hours after they occur.

Bianchi’s co-author, Onur Tosun, says: “Incidents of security breaches that reveal sensitive and confidential information can lead to litigation and government sanctions, but also to a loss of competitive edge against competitors through a reduction of resources dedicated to R&D, dividend payments, or investments more generally.

“For this reason, companies are often reluctant to reveal information about security breaches due to fear of both short-term and long-term market reactions. However, many firms [now] won’t have a choice.

“Cybersecurity will therefore become an increasingly important consideration for companies to avoid the damaging fallout once a breach is made public.”

Read next:

Cyberhedge receives investment from Luxembourg Future Fund