As corporations globally recover from recent ransomware attacks, Centrify-commissioned research reveals that many organisations underestimate the true cost of data breaches

Centrify CEO Tom KempCentrify, the leader in securing hybrid enterprises through the power of identity services, has released research in Australia revealing how data breaches damage company finances and shareholder value.

Commissioned by Centrify, the new Ponemon survey of 749 Australian IT professionals, marketers and consumers reports how data security breaches negatively impact an entire organisation, from sales and marketing to shareholders. This report is of particular significance to Australia where mandatory data breach notification legislation will take effect from February 2018.

Ponemon found that the stock value index of 113 randomly selected global companies declined by an average of five per cent on the day a data breach was disclosed and experienced a customer churn rate of as much as seven per cent.

What’s more, one third of Australian consumers impacted by a data breach reported they had discontinued their relationship with the organisation that experienced the breach.

Forty per cent of Australian IT practitioners responding to this study reported their organisation had experienced a data breach involving the loss or theft of more than 1000 records containing sensitive or confidential customer or business information in the previous two years.

Surprisingly, while the study found a data breach has a significant impact on brand reputation, more than two thirds of IT practitioners do not believe it's their responsibility to protect the company brand.

Centrify, a rapidly growing security vendor with more than 5000 customers, including more than half of the Fortune 50 in the US, achieved more than US$100 million in global sales during its 2016-17 financial year. This included a strong performance by Centrify in Australia and New Zealand during the past year.

Centrify CEO Tom Kemp said the Ponemon report’s findings demonstrated that data breaches were bottom line business concerns. “This report serves as a wake-up call to every organisation that security isn’t just about protecting data, it’s about protecting the business,” he said.

“Data protection is no longer just an IT problem. When a breach can decimate your valuation and decimate your customer base, it must be elevated to the C-suite and boardroom because it requires a holistic and strategic approach to protecting the entire organisation.

“No one wants to be the next Yahoo, which after suffering two massive data breaches affecting one billion accounts saw a $350 million reduction in the company’s sale price to Verizon.

“The bottom line is that security is a core business concern which demands the attention of the CEO, the C-suite and the board of directors. The fact is a breach can damage a company’s image for good.”

A recent example was when popular fast food chain Chipotle’s stock rose 6.8 per cent after reporting better than expected Q1 earnings, but saw those gains chopped in half after it revealed a data breach while the cost to Chipotle shareholders was more than $400 million.

The Impact of a Data Breach on Reputation and Share Value study uniquely presents the views of three diverse groups who, in common, have the ability to influence share value and reputation. Ponemon Institute surveyed 215 individuals in IT operations and information security, 218 senior level marketers and corporate communication professionals and 316 consumers.

Miscalculation of Security Risk on Shareholder Value

The Ponemon study found a direct correlation between the organisation’s security posture after a data breach and share value drop, customer churn and revenue loss. The following findings are based on a sample of 113 publicly-traded companies that experienced a material data breach:

  • The share value index dropped an average of five per cent on the day a breach was disclosed
  • Companies with a high security posture that responded quickly to the breach event recovered their stock value after an average of seven days, while
  • Companies with a low security posture that did not respond quickly to the data breach experienced a stock price decline that on average lasted more than 90 days.

The Ponemon study also found that companies with a poor security posture experienced a customer churn increase of up to seven per cent - which can amount to millions in lost revenue. Thirty-three per cent of Australian consumers reported that, after they were impacted by a data breach, they had discontinued their relationship with the organisation that suffered the breach.

Blind Spots in the C-Suite with Costly Consequences

Centrify Senior Director APAC Sales Niall King said the Ponemon results pointed out a potentially disastrous internal disconnect regarding data security. “The Ponemon study found data breaches rank in the three most negative impacts to brand reputation, along with terrible customer service and environmental disaster,” he said.

“Yet many organisations relegate security almost entirely to IT: 44 per cent of IT practitioners and 49 per cent of CMOs don’t believe that brand protection is taken seriously in the C-Suite.

“When you couple this with the 86 per cent of CMOs who believe the biggest cost of a security incident is the loss of brand value and the whopping 69 per cent of IT respondents who do not believe protecting their company’s brand is their responsibility, one quickly sees a glaring and potentially disastrous internal disconnect.

“Even more alarming is the misalignment between companies and consumers regarding the protection of personal information. While 80 per cent of consumers believe organisations have an obligation to take reasonable steps to secure their personal information, only 61 per cent of IT professionals agree. Once that belief is breached, consumers don’t easily forgive or forget.”

Other study findings about the impact of a data breach on brand reputation include:

  • Sixty-eight per cent of IT practitioners do not believe their companies have a high level of ability to prevent breaches
  • Only 21 per cent of CMOs and three per cent of IT practitioners say they would be concerned about a decline in their companies’ stock price
  • For IT, the three biggest concerns are the loss of their jobs (62 per cent), time to recover / decreases in productivity, and regulatory fines or lawsuits (both 43 per cent).
  • While 70 per cent of consumers surveyed believe organisations have an obligation to control access to their information, only 46 per cent of CMOs and 44 per cent of IT security practitioners believe this is an obligation.

The Study

In Australia, the Ponemon study surveyed 215 individuals in IT operations and information security, 218 senior level marketing professionals and 316 consumers. To determine the impact a data breach has on stock value, 113 benchmarked global public companies that experienced a data breach involving consumer data were selected for this analysis. These companies, which represented 16 industry sectors, were indexed against a matching sample of companies that did not experience a data breach during the test period. The Security Effectiveness Score (SES) referenced in this study is determined by utilising the Ponemon Institute’s proprietary benchmark database and is derived from rating numerous security features or practices, including but not limited to, having a full-time CISO, employee training and awareness programs, regular audits and assessments of security vulnerabilities, and policies to manage third-party risk.  This method has been validated from more than 50 independent studies conducted for more than a decade. Download the full report at http://www.centrify.com/lp/ponemon-data-breach-brand-impact/.

Media contact Australia / New Zealand: John Harris on +61 8 8431 4000 or email john@impress.com.au.

About Centrify

Centrify redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. As the only industry recognized leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify is enabling more than 5000 customers, including over half the Fortune 50 in the US, to defend their organisations. To learn more visit www.centrify.com.

The Breach Stops Here.

Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Service are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.

Related News

  • Centrify doubles cloud customers during 2014 Centrify Corporation reports growing customer adoption and broad industry support for Centrify User Suite, its innovative cloud-based offering that integrates mobility with identit...
  • Centrify tightens up admin security for Macs New Centrify capabilities reduce risk by securing local administrator passwords and simplifying Mac application management with turnkey Munki integration Centrify Senior Director ...