A study by Warwick Business School has found that a CEO is more likely to receive a pay rise after a cybersecurity breach.
The study also finds that media reports of cyber-attacks leads to the share price falling as investors sell off. Companies then try and counter the effects by paying lower dividends and investing less in research and development for up to five years afterwards.
Data breaches at 41 US-based publicly listed companies between 2004 and 2016 were studied for the paper, entitled Cyber attacks and stock market activity.
The average CEO pay at firms not targeted by cybercriminals was found to fall more than $2 million per year in the ensuing five-year period.
Co-author the study, Daniele Bianchi, says: “At first sight, these results may look puzzling. However, they are consistent with the idea that the average response is to invest more in the management to address possible structural flaws, as well as maintaining the integrity of the firm in response to the reputational damage it has suffered.
“In the long run security breaches appear to have a more significant impact on firms’ strategies and policies than their cash flow.”
The study focused only on breaches reported in the media. This suggests the effect is likely to be experienced even more widely now with GDPR in place, forcing companies to report data breaches no more than 72 hours after they occur.
Bianchi’s co-author, Onur Tosun, says: “Incidents of security breaches that reveal sensitive and confidential information can lead to litigation and government sanctions, but also to a loss of competitive edge against competitors through a reduction of resources dedicated to R&D, dividend payments, or investments more generally.
“For this reason, companies are often reluctant to reveal information about security breaches due to fear of both short-term and long-term market reactions. However, many firms [now] won’t have a choice.
“Cybersecurity will therefore become an increasingly important consideration for companies to avoid the damaging fallout once a breach is made public.”
Cyberhedge receives investment from Luxembourg Future Fund