Ponemon Study Reveals Impact of Data Breaches on Organizations’ Reputation

Organizations that experience data breaches can expect many negative repercussions such as loss of reputation, loss of customers and fall of share value. The impact of a data breach on a company’s reputation and share value has recently been studied by the Ponemon Institute.

The Centrify-sponsored survey was conducted on IT operations and information security professionals, senior level marketers, communications professionals and consumers. 31% of the 446 IT practitioners said they had experienced a data breach of more than 1,000 sensitive records in the past two years, while 62% of the 549 consumers surveyed said they had been notified by companies or government agencies that their data had been exposed as a result of a data breach in the past 24 months.

Data breaches are to be expected; however, the study suggests that the C-Suite and boards of directors do not fully appreciate the negative impact data breaches can have on companies’ reputations. The effect can be considerable. The Ponemon Institute tracked the share value of 113 publicly traded companies for 30 days prior to a data breach and for 90 days following the breach. On average, share value dropped by 5% following the disclosure of a data breach.

However, it is possible to stop a decline in share value following a breach, provided companies are able to respond quickly. Companies that had self-declared their security posture to be superior prior to a breach, and were able to respond quickly the security incident, regained stock value after an average of 7 days.

Companies that had a poor security posture and failed to respond quickly saw a stock price decline that lasted an average of 90 days. Organizations with a poor security posture and slow response were also more likely to lose customers as a result of the breach.

The potential for loss of customers is considerable. 31% of consumers said they discontinued their relationships with the breached entity following a data breach, while 65% said they lost trust in the organization after being affected by one or more breaches. The average losses reported by organizations with a low customer loss rate (less than 2%) was $2.67 million. A customer loss rate of 5% resulted in average revenue losses of £3.94 million.

The study also revealed that healthcare organizations are trusted the most when it comes to keeping sensitive information secure. 80% of consumers said they trusted their healthcare providers to protect their sensitive information with the industry ranking highest in terms of consumer trust, even though healthcare organizations experience 34% of all data breaches.

Aside from banking institutions, which were trusted by 77% of consumers, trust in financial institutions was far lower. Only 26% of consumers trusted their credit card company to protect data, even though credit and financial institutions account for just 4.8% of data breaches.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.