Australian organisations hit by a data breach may see their share prices drop as much as 5% and take months to recover from the incident, and customers may start looking elsewhere for suppliers.
Commissioned by Centrify, a Ponemon study randomly selected 113 global companies. It found that on average, stock price dropped 5% on the day a data breach was disclosed. Customer churn rate hovered around 7%.
The survey also took responses from 749 Australian IT professionals, marketers and consumers. 40% of IT professionals reported that in the last two years, their firm had experienced a data breach that involved more than 1000 stolen records containing sensitive information.
33% of consumers also said they had ended their relationship with the organisation that had experienced the breach.
However, those that had a strong security posture managed to recover their stock value after an average of seven days, while those with a weak posture took more than 90 days to recover.
“Data protection is no longer just an IT problem. When a breach can decimate your valuation and decimate your customer base, it must be elevated to the C-suite and boardroom because it requires a holistic and strategic approach to protecting the entire organisation,” comments Centrify CEO Tom Kemp.
He says that nobody wants to be the next Yahoo – an organisation that suffered two data breaches, which slashed the company’s sale price to Verizon by $350 million.
“The bottom line is that security is a core business concern which demands the attention of the CEO, the C-suite and the board of directors. The fact is a breach can damage a company’s image for good,” Kemp continues.
However, two thirds of IT professionals don’t think it’s their responsibility to protect their brand.
Centrify’s senior director of APAC sales, Niall King, says that the misalignment between what organisations believe and what consumers believe about personal information is ‘alarming’.
“While 80 per cent of consumers believe organisations have an obligation to take reasonable steps to secure their personal information, only 61 per cent of IT professionals agree. Once that belief is breached, consumers don’t easily forgive or forget.”
The report suggests that leaders should take responsibility for breach response because the danger to stock value is a genuine threat to their business. Data breach preparedness plans should include procedures for communicating with all stakeholders, including investors, state attorneys and regulators.
The report also suggests that the plan should address consumers’ concerns about their personal information. If necessary, the chief privacy officer should be involved in company privacy and data handling practices and make sure they respect customers’ expectations. This, in turn, will help mitigate customer turnover.