Report: The Impact of Cyberattacks on Stock Prices

New

Data privacy and cybersecurity-related issues have become major drivers of business risk in recent years. Based on Morningstar Sustainalytics’ Data Privacy and Security (DP&S) incident data, this report reviews recent DP&S incident trends and assesses the impact of significant cyberattack Incidents on stock returns over time. Our analysis reveals that strong Data Privacy and Security Management Indicator Scores are a favorable signal, positively correlated to one-year post-incident returns and significant risk reduction. 

Key findings:  

  • We examine the average stock reaction over 120 trading days based on a time-series analysis of news releases of 69 high-risk cyberattacks. Post-incident, technical analysis shows the average group of companies bottoming on the 60th trading day close, down -4.6%.
  • One year later, the ‘incident portfolio’ still appears negatively affected by the cyberattacks, down -0.65%, and underperforming company benchmarks and the market by double digits.
  • Our research reveals that stronger ESG Management Indicator Scores in Data Privacy and Security (DP&S) Policy are beneficial signals, showing that those companies with stronger scores had better returns one year later.
  • Stronger ESG Management Indicator Scores in DP&S have risk benefits in high-risk cyberattacks Incidents via lower share price volatility and shallower average max drawdowns.