Cyberattacks, data breaches scare off investors, study says

Data breaches and cyberattacks aren't just a worry for consumers who've had personal information filched or paranoid information security pros. They can also scare away investors, according to a study on investor attitudes toward cybersecurity released Monday.

Companies with a history of being targeted in cyberattacks one or more times were viewed with skepticism by the 405 investors who took part in the study by HBGary, which offers tools and services to protect information from cyber spies and terrorists.

Some 78.1% of them said they were somewhat or very unlikely to invest in such a company. In addition, more than two-thirds (68.7%) said they would be somewhat or very unlikely to invest in a company with a history of one or more data breaches.

[See also: U.S. bank cyberattacks reflect 'frightening' new era

The study, performed by Zogby Analytics, showed that investors are less concerned about cyberattacks themselves than about how a company responds to them. About two-thirds (66%) of the investors said they were more interested in how a company handles an attack, compared to 25% who said they were more concerned with the attacks themselves.

"There have been a few high-profile cases over the last couple of years where responses weren't as crisp as most people would have liked to have seen," Ken Silva, senior vice president of cyber strategy for Fairfax, Va.-ManTech International, HBGary's parent company, said in an interview.

"It had a very negative impact on the market capitalization of those companies," he said. "Things like that have had a serious impact for investors and is one of the things driving their concerns."

Investor attitudes toward cyber security is maturing, according to HBGary CSO Jim Butterworth. "Investors want to see more openness and transparency in a company's process, response, even their investment in cyber security."

The study also found that more investors are concerned with the theft of customer information than intellectual property. More than half the investors (57.2%) said they were more concerned about a breach of personal data. That compares to 28.8% who said they were more concerned about IP losses.

"That surprised us," Silva confessed. "You'd think that loss of intellectual property would be a top-of-mind issue for investors."

"That's probably because the tail on liability for the loss of consumer data is probably a lot longer and much more unknown than the loss of intellectual property," he added.

The impact is more immediate, too. "You could have millions of consumers who are outraged by the loss of the data," he explained, "while with intellectual property, it could take a little longer before you see the ramifications of that."

A company's brand also takes a big hit in a consumer data breach, said John Vecchi, vice president of marketing for Solera Networks in Salt Lake City, Utah.

That hit will be exacerbated if a company acts befuddled by the breach. "An organization's inability to answer critical post-breach questions can have the most detrimental effect on their brand," he said in an interview.

However, many companies still appear to be ill-equipped to battle cyberattacks. A study released by Solera today found that a third of malicious breaches are discovered by third parties, not by a company's security defenses.

The study, performed by the Ponemon Institute, also revealed that the average cost of a malicious data breach totaled $840,000 -- almost twice the $470,000 cost of a non-malicious breach.

"Our study confirms that organizations are facing a growing flood of increasingly malicious data breaches, and they don't have the tools, staff or resources to discover and resolve them," Larry Ponemon, chairman and founder of the institute that bears his name, said in a statement.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.

Tags data breachesHBGaryapplicationsManTechPonemon Institutesoftwaredata protectionData Protection | Data Privacycyberattacks

More about CSOSolera Networks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John P. Mello Jr.

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts