Bottom Line: High-profile companies that frequently use consumer data are targets, and negative effects linger for years.
In late 2013, retailer Target sustained a massive cyber-attack that led to the loss of almost 70 million customers’ credit card information and other data. The aftermath was costly. On the day it went public with news of the breach, Target lost US$890 million in market value. The firm subsequently spent $100 million on improvements to its IT system and other tech upgrades.
Target, of course, is not alone. Assessments vary, because cybercrime is underreported. But it costs companies an estimated $445 billion worldwide annually.
Despite the growing awareness of the threat, and some high-profile cases, we still don’t know much about which companies are most likely to be targeted and how an attack affects growth and shareholder value over time. But a new study explores these issues through a massive sample of data breaches that affected U.S. public corporations from 2005 through 2014 and examines the repercussions three years out.
The authors found that large, highly valued, and visible firms — such as Fortune 500 companies — are attacked most…