Economic Impact from a Company’s Data Breach – No Big Deal? Not So Fast!

Locke Lord LLP

Recent data breaches have prompted worries about economic damage to the infiltrated companies. Analyses in fact show minimal effects on stock prices or revenues of the hacked companies. But that may be only temporary comfort as commentators urge a longer-term view.

recent article in the Harvard Business Review found that “even the most significant recent breaches had very little impact on the company’s stock price.” Similarly, “actual expenses … amount to less than 1% of each company’s annual revenues. After reimbursement from insurance and minus tax deductions, the losses are even less,” according to a new analysis from a fellow at the Columbia School of International and Public Affairs.

Good news? To an investor looking solely at publicly disclosed costs of data breaches by large retailers, one takeaway may be that sophisticated companies have done a decent job of preparing for, responding to, and insuring against large data breaches. Another question, however, is whether the costs are merely shifted to consumers, who as a group bear the brunt of the inconvenience and anxiety associated with a data breach, even where monetary loss is minimal. And if a large company does not feel the pain in its bottom line, does it have adequate incentive to invest in cybersecurity measures to protect consumers? And without market incentives, will that prompt more government intervention and regulatory fines?

What about the longer term? It is not clear to what extent corporate data breach victims incur damages that are not subject to data breach notification laws – e.g., losses from competitor or state-sponsored theft of intellectual property, customer lists, business plans, and other proprietary data that, while sensitive and valuable to the owner, may not contain personal identifying information. The incentives to protect access to this data may outweigh any notion that the costs of consumer data breaches are too low to justify additional investment in cybersecurity.

The publicly disclosed costs also do not factor in reputational interests, customer loyalty, distraction to senior management, and other less easily quantified costs. All stakeholders will continue to wrestle with efforts to quantify all of the hard and soft costs of data breaches of all kinds, short and long-term, so that risks can be better assessed and managed through the private and public sectors.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Locke Lord LLP | Attorney Advertising

Written by:

Locke Lord LLP

Locke Lord LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.