A study by Warwick Business School has found that a CEO is more likely to receive a pay rise after a cybersecurity breach.

The study also finds that media reports of cyber-attacks leads to the share price falling as investors sell off. Companies then try and counter the effects by paying lower dividends and investing less in research and development for up to five years afterwards.

Data breaches at 41 US-based publicly listed companies between 2004 and 2016 were  studied for the paper, entitled Cyber attacks and stock market activity.

The average CEO pay at firms not targeted by cybercriminals was found to fall more than $2 million per year in the ensuing five-year period.

Co-author the study, Daniele Bianchi, says: “At first sight, these results may look puzzling. However, they are consistent with the idea that the average response is to invest more in the management to address possible structural flaws, as well as maintaining the integrity of the firm in response to the reputational damage it has suffered.

“In the long run security breaches appear to have a more significant impact on firms’ strategies and policies than their cash flow.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The study focused only on breaches reported in the media. This suggests the effect is likely to be experienced even more widely now with GDPR in place, forcing companies to report data breaches no more than 72 hours after they occur.

Bianchi’s co-author, Onur Tosun, says: “Incidents of security breaches that reveal sensitive and confidential information can lead to litigation and government sanctions, but also to a loss of competitive edge against competitors through a reduction of resources dedicated to R&D, dividend payments, or investments more generally.

“For this reason, companies are often reluctant to reveal information about security breaches due to fear of both short-term and long-term market reactions. However, many firms [now] won’t have a choice.

“Cybersecurity will therefore become an increasingly important consideration for companies to avoid the damaging fallout once a breach is made public.”

Read next:

Cyberhedge receives investment from Luxembourg Future Fund