As identified in the CGI Client Global Insights , cybersecurity is one of executives’ top influential trends for their industry. Yet, few company leaders are aware of the full extent of damage, or the full costs, caused by a cyber breach.

To help quantify these impacts, CGI’s UK cybersecurity leaders commissioned Oxford Economics to create a rigorous econometric model that captures the damage caused by a cyber breach to a company’s share price. The model was used to analyze publicly listed companies that experienced a cyber breach.*

The results of this study, The Cyber-Value Connection, reveal that:

  • A typical severe cybersecurity breach represents a permanent cost of 1.8% of company value, as measured relative to a control group of peer companies.
  • For a typical firm on the Financial Times Stock Exchange (FTSE) 100 Index, this equates to a permanent loss of market capitalization of £120 million, signaling a significant loss of value for shareholders.
  • When the cumulative impact on shareholder value is considered, the 65 severe breaches have cost investors £42 billion in total. Since this figure includes only publicly known severe breaches, the true impact is likely much higher.

While the damage of a cyber breach to shareholder value is significant today, the CGI study suggests that severe cyber breaches will become even more costly in the future as industry analysts include cyber as a factor affecting valuation, and new regulations such as the General Data Protection Regulation (GDPR) require companies to disclose incidents.

The CEO has responsibility for increasing company value. With the link between cyber breaches and company value established in this study, it is clear the CEO’s responsibility must also include direction and governance of cybersecurity.

The Cyber-Value Connection concludes with advice on how executives can challenge their organization and put in place effective cybersecurity governance.

The cyber-value connection

Learn more:

*The study is based on economic modelling from Oxford Economics, which conducted an Event Study analyzing a sample of public cybersecurity breaches since 2013 across seven global stock exchanges, based on information from the Gemalto Breach Level Index. A sample of 65 “severe” and “catastrophic” cybersecurity breaches were then analyzed to indicate the impact of these more significant attacks on company share price performance.