Data privacy and cybersecurity-related issues have become major drivers of business risk in recent years. Based on Morningstar Sustainalytics’ Data Privacy and Security (DP&S) incident data, this report reviews recent DP&S incident trends and assesses the impact of significant cyberattack Incidents on stock returns over time. Our analysis reveals that strong Data Privacy and Security Management Indicator Scores are a favorable signal, positively correlated to one-year post-incident returns and significant risk reduction.
Key findings:
- We examine the average stock reaction over 120 trading days based on a time-series analysis of news releases of 69 high-risk cyberattacks. Post-incident, technical analysis shows the average group of companies bottoming on the 60th trading day close, down -4.6%.
- One year later, the ‘incident portfolio’ still appears negatively affected by the cyberattacks, down -0.65%, and underperforming company benchmarks and the market by double digits.
- Our research reveals that stronger ESG Management Indicator Scores in Data Privacy and Security (DP&S) Policy are beneficial signals, showing that those companies with stronger scores had better returns one year later.
- Stronger ESG Management Indicator Scores in DP&S have risk benefits in high-risk cyberattacks Incidents via lower share price volatility and shallower average max drawdowns.