Does Value Drop After A Data Breach

The June issue of Compliance and Ethics Professional has a brief but interesting article by Sally March titled Are you confident it’s confidential? One of the references in the article cites the Ponemon Institute report “Reputation Impact of a Data Breach”. This is an older report from 2011, but we can examine the findings and determine the accuracy of the claims.

The study surveyed 843 senior-level individuals with deep expertise and knowledge about their organization’s brand and reputation management objectives.

We asked individuals participating in our study to estimate the economic value of their organizations’ corporate brand or reputation. The responses ranged from a value of less than $1 million to more than $10 billion. Using an extrapolation method we determined the average value of reputation or brand image for the organizations participating in the study – which is estimated as $1.56 billion. Depending upon the type of information lost as a result of the breach, the average loss in the value of the brand ranged from $184 million to more than $332 million

The results are extrapolated which means they are estimated, but that will allow us to see if the persons surveyed were correct in their assumptions. Table 1. Calculus on the economic impact of reputation decline from data breach states that Diminished value resulting from a data breach of customer data is 21% while Diminished value resulting from a data breach of employee data is 12% while Diminished value resulting from a data breach of IP data is 18%.

Based on what we know in our previous studies of company valuation after a data breach these numbers do not sound correct which would mean that the impact is being overestimated. For our purposes we will look at equity performance since the data breach of several high profile companies with high profile data breaches. The change in consumer sentiment will be felt on the Income Statement which will be reflected through the stock price. We believe this is a more realistic way to determine economic impact as US markets are liquid and efficient.

Below are selected stock charts from TGT, HD, and SNE starting from the time their data breaches were reported in the news to the present day. We will also examine LL which experienced a dangerous consumer products scandal, broke by Case Capital Management that was aired on 60 Minutes to compare real world consumer harm vs. virtual consumer harm with regard to company performance.

clip_image002

clip_image004

clip_image006

clip_image008

We can distill the information provided by the stock charts down to the equity that was affected by the event, the stock price on the day of the event, the current stock price, and the change in value. As we can see the companies suffering from a consumer data breach experienced an average increase in value of 24%. While the company that experienced a real world hazard has decreased by 79%.

Equity Day Of Event Current Day Change
TGT 63.76 78.03 22%
HD 91.15 117.5 29%
SNE 21.63 25.87 20%
LL 69.99 14.90 79%

Conclusion: The estimates in the Ponemon report of a 21% decrease in economic value. We do not see this reflected in equity prices as valuations have increased since the event. We believe that the economic impact of consumer data breaches is overstated as consumer sentiment has not shifted to a degree that has an effect on earnings. It is likely that the personnel surveyed had overestimated the impact due to marketing material produced by the Information Security Industrial Complex. The impact to many corporations have been mitigated by Cyber Insurance (TGT, HD) or by CapEx and other cost reduction measures brought on by Shareholder Activists (SNE). Shareholder Activists and executives should reevaluate spending priorities in light of the current trends in equity performance after a data breach event.

Correlation Between Hackers and Target Stock Performance

Every retail CEO is blaming the weather for the poor sales.  We all know that Target (NYSE:TGT) had a bad holiday because of hackers and not the weather, right?  Well now Wal-Mart (NYSE:WMT) blew up their numbers and they’re saying it was the weather too.  How is this possible?  Obviously the hackers must have scared everyone away from Wal-Mart as well.  There is absolutely no way it could be the Polar Vortex, right?

What if there is some connection between hackers and the weather?  If we look at recent happenings in San Francisco, we can see that the street signs have been hacked saying San Francisco is closed because it’s too damn hot.  It is obvious that hackers like cold weather. We should have seen this before since they invaded Target through a HVAC company. This is all the proof we need to know that the hackers were behind the poor earnings at Target because they made off with the credit card numbers and created the Polar Vortex.   This blows up our previous study of data because we weren’t counting on hackers being able to control the weather.

We have absolutely tied hackers to the destruction of the entire retail sector.  If hackers aren’t behind the Polar Vortex and poor retail performance then there is only one other possibility.

Aliens-Meme