The Impact of Data Breaches on Share Prices

In a recent post, we examined the costly consequences for companies that fail to protect the personal data of their customers, resulting in data breaches and security incidents. Data privacy laws, such as the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR), are sending a clear message: businesses need to be more responsible in handling customer data or they will face legal action and hefty fines.

Just recently, major American retailer Macy’s made the headlines for the wrong reasons, unfortunately. A card-skimming script, which was in operation for at least a week, was discovered on the retailer’s website. The attack left an undisclosed number of credit card owners at risk of data theft, including their names, addresses, and their credit card number, security code and expiration date. When the breach was publicly disclosed, Macy’s shares sank 10.9% the following day.

The Financial Impact Data Breaches Have on Share Prices

Companies whose systems have been breached tend to underperform for a period of time, typically ranging from one to three years. In Macy’s case, for example, apart from the hit on its stock price, sales are expected to decrease as well. Understandably, customers might avoid shopping at a website that was recently breached. This could not have come at a worse time for Macy’s since the holiday season is upon us.

The 2017 Equifax data breach is also a prime example of how damaging cybersecurity incidents can be. Because of unauthorized exposure of customers’ personal data, Equifax has faced a series of challenges, including the downgrade of their financial rating and a massive stock price crash of 18.4%. To rectify the situation, Equifax has had to pay billions of dollars to cover system improvement costs as well as to settle lawsuits filed against them.

The recent Capital One data breach was one of the biggest data breaches ever, where a hacker gained access to the credit card and personal information of more than 100 million customers. The result was a 5.9% drop in their share price, as well as a GDPR fine ranging between $100 million to $500 million, according to Morgan Stanley. Their downfall is likely to be further amplified by low customer confidence and a 3% decrease in revenue over the next couple of years.

Additional Factors Exacerbating a Data Breach 

Every breach is unique. However, some factors tend to escalate the financial consequences of a data breach. Here is a quick breakdown of noticeable patterns and benchmarks:

    • Data Sensitivity: Unlike breaches involving basic information like names and addresses, those that expose highly sensitive data like credit card information or social security numbers are considered more serious. Cases like this are likely to yield higher drops in share price.
    • Breach Size: The magnitude of a breach (such as the number of people affected) is a significant determinant of stock price volatility. On average, it costs an enterprise $347 million in legal fees, fines, and remediation expenses for breaches that compromise hundreds of millions of stolen data records.
    • Industry: Financial companies are more susceptible to the largest drops in share price, whereas the repercussions for those in the healthcare industry tend to be less severe. On the other hand, companies in the technology and intellectual property sectors may experience greater damages than what is reflected in the drop of their share price, since hackers may have stolen valuable trade secrets - losses undisclosed with the breach information.

Minimizing the Risk of Data Breaches

The four points below are an overview of how to better secure your organization:

      • Train your employees on the various aspects of data security so they are more conscious about the proper ways of handling sensitive data, as well as the implications of not following security protocols.
      • Explore different security technologies such as firewalls, password management software, and virtual private network (VPN).
      • Be proactive, not reactive. Conduct regular audits to get a comprehensive overview of your infosec health. 
      • Since over 80% of data breaches happen due to stolen or weak passwords, investing in solutions to replace them is advised. Biometric systems provide the most advanced form of authentication by providing a convenient, fast, and virtually bullet-proof identity verification solution.


Avoiding a data breach is more financially sound than enduring its consequences. Contact one of our authentication experts to learn how you can easily improve your system’s security.

Contact Us


Get monthly blogs, research, news, and more right to your email inbox.

Recent Posts