Breaking News

Equifax Case And Other Cyber Attacks: How Stock Prices Are Effected

By Tae Jin KangStock MarketsMay 09, 2018 02:06PM ET
Equifax Case And Other Cyber Attacks: How Stock Prices Are Effected
By Tae Jin Kang   |  May 09, 2018 02:06PM ET
Saved. See Saved Items.
This article has already been saved in your Saved Items

Equifax (NYSE:EFX) is the poster child for data breach negligence. The company suffered from hackers exploiting a known and previously reported security vulnerability in their open source Apache Struts framework. As the story continues to unfold, it seems that the thieves got away with every piece of valuable information in their data vault, and instead of turning out the proverbial light, they took that too. In the last six months since the breach was reported, Equifax’s stock suffered an initial steep drop, but has been regaining its footing. Today its shares are down approximately 12% from prior to the reported breach. It appears that Equifax share price is weathering this storm quite well.

To Date – Cyber Attacks Have a Had a Limited Imact on Share Price

In fact, the effect of cyber attacks on share prices is arguably not very damaging. In July of 2017, a study showed a detailed analysis of stock prices for 24 public companies that lost more than one million records due to a cyber attack. Immediately following the breach, their shares on average suffered a decrease of 0.43%. This rate was approximately equal to their average daily volatility.

In the long run, share prices recovered, but at an impaired rate. The analysis showed a 45.6% increase in share price during the three year period prior to a company’s data breach. In the three years after, the company only enjoyed a 14.8% growth. Daily volatility remained consistent, as it was approximately the same for both periods.

Clearly, investors remained somewhat skeptical about managements’ ability to implement better security practices, reduce the effects of brand damage, retain customers, mitigate lawsuits and recoup lost opportunity costs. Regardless, most cyber attacks and successful data breaches may have had a rather small impact on share price due to the low costs associated with fines and lawsuits.

Open Source is Everywhere

More than 90% of the software in use today contains open source code. Open source pervades operating systems, network platforms and applications. This trend will only continue to grow because, by leveraging open source, developers can lower assembly costs and quickly add innovations. Without it, almost every gadget, cloud platform, banking network and phone system would shut down.

Whether software code is proprietary or open source, it harbors security vulnerabilities. Because of its transparency, open source code tends be better engineered than a comparable piece of proprietary code. And thanks to its flexibility, open source code is extensively used. This means that a security vulnerability in a piece of open source code is likely to exist across a multitude of applications and platforms. Consequently, open source software vulnerabilities become a “low hanging fruit” for hackers to target and attack.

Known Security Vulnerabilities are Prevalent.

The number of reported security vulnerabilities in open source code – the same kind of vulnerability that hackers used to exploit Equifax – is increasing. In 2017, the number of known security vulnerabilities in open source code nearly tripled that of 2016, from 6,447 to 14,712. Based on the reported number of security vulnerabilities in the first two and a half months of 2018, it appears that we will once again set a record this year. Consequently, we can expect to see many more corporate casualties from cyber attacks directed at known security vulnerabilities.

E.U. Driving Large Fines for Data Security Breaches

The E.U. has enacted data protection / breach fines that, on their own, will negatively and materially impact a company’s financial results, and likely their share price. On May 25th, the E.U. will legislate its landmark General Data Protection Regulation (GDPR) that was approved in 2016. Not only will the GDPR affect any organization located or doing business in the E.U., it will also impact organizations processing data of EU individuals, regardless of their own geographic location. Multinationals will have to adjust their practices in order to comply with the new, and more stringent, data privacy and protection policies from the E.U.

So what is the GDPR?

According to the official GDPR website, it is a law to “protect all E.U. citizens from privacy and data breaches in an increasingly data-driven world.” Its reach is broad, “it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.” And, the penalties are non-trivial, “organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).”

A Practical Examinination of the Effects of GDPR

Had the GDPR been in place at the time of the Equifax breach, the fines would have been significant. Based on estimated Equifax 2017 income, which has been delayed in reporting, 4% of its approximately $3 billion in revenues is $120 million. The days of sweeping security vulnerabilities under the rug in the E.U. are over.

Open source software development and use are irreversible trends in today’s businesses. And given the undeniable importance of the E.U market, organizations must adapt to comply with the GDPR. It is prudent for software development and IT teams to investigate and reevaluate, in-depth: the ramifications of GDPR, their client data and privacy procedures, the short-term risk mitigation potently offered by cyber security insurances and their plans and practices for finding and responding to open source security vulnerabilities.

Investors should examine, in great detail, corporations’ reported plans for complying with the new GDPR rules. Additionally, given the increased risk, shareholders should reevaluate and discount the share price of companies that have a track record of data breaches. Going forward, cyber attacks and data breaches will have a much larger impact on share price.

Equifax Case And Other Cyber Attacks: How Stock Prices Are Effected
Equifax Case And Other Cyber Attacks: How Stock Prices Are Effected

Add a Comment

Comment Guidelines

We encourage you to use comments to engage with users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind: 

  • Enrich the conversation
  • Stay focused and on track. Only post material that’s relevant to the topic being discussed.
  • Be respectful. Even negative opinions can be framed positively and diplomatically.
  •  Use standard writing style. Include punctuation and upper and lower cases.
  • NOTE: Spam and/or promotional messages and links within a comment will be removed
  • Avoid profanity, slander or personal attacks directed at an author or another user.
  • Don’t Monopolize the Conversation. We appreciate passion and conviction, but we also believe strongly in giving everyone a chance to air their thoughts. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
  • Only English comments will be allowed.

Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at’s discretion.

Write your thoughts here
Are you sure you want to delete this chart?
Post also to:
Replace the attached chart with a new chart ?
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Thanks for your comment. Please note that all comments are pending until approved by our moderators. It may therefore take some time before it appears on our website.
Are you sure you want to delete this chart?
Replace the attached chart with a new chart ?
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Add Chart to Comment
Confirm Block

Are you sure you want to block %USER_NAME%?

By doing so, you and %USER_NAME% will not be able to see any of each other's's posts.

%USER_NAME% was successfully added to your Block List

Since you’ve just unblocked this person, you must wait 48 hours before renewing the block.

Report this comment

I feel that this comment is:

Comment flagged

Thank You!

Your report has been sent to our moderators for review
Disclaimer: Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. All CFDs (stocks, indexes, futures) and Forex prices are not provided by exchanges but rather by market makers, and so prices may not be accurate and may differ from the actual market price, meaning prices are indicative and not appropriate for trading purposes. Therefore Fusion Media doesn`t bear any responsibility for any trading losses you might incur as a result of using this data.

Fusion Media or anyone involved with Fusion Media will not accept any liability for loss or damage as a result of reliance on the information including data, quotes, charts and buy/sell signals contained within this website. Please be fully informed regarding the risks and costs associated with trading the financial markets, it is one of the riskiest investment forms possible.
Continue with Google
Sign up with Email