In data breaches, keeping number of records lost secret can protect stock prices

April 15, 2010, 11:26 AM —  Network World — 

In Heartland's case, it took more than a year to overcome the data-breach stock plunge.

By Tim Greene

When companies publicly declare that they have suffered a data breach, it's best not to reveal how many individual records were involved if they don't want to take a hit in their stock prices, according to a study.

The Heartland breach last year involving 130 million lost records set off a plunge that reduced its stock price by 90%, and it hadn't fully recovered a year later, according to the Perimeter E-Security "U.S. Data Breach Study of 2009" report. Smaller breaches triggered stock-price drops of 12% on average that were made up for in about 60 days, the study says.

But when companies don't reveal how many records were compromised, there is no discernible impact on the stock price. "When it is a high-profile, largely publicized breach, it seems to impact the stock heavily," the study says. "When a company does not disclose the total number of records lost, there appears to be no statistically meaningful impact to the stock."

Perhaps businesses have already figured this out. The study says that last year in cases when financial data records were lost, two-thirds of the public reports of these incidents did not state how many records were involved, and this seems to be a trend. "In 2008, 42% of incidents did not include the number of records compromised," the data-breach study says.

The trend holds outside financial data as well: overall, the share of reports that don't say how many records were compromised is approaching 40%, the study says.

Because all laws governing the disclosure of breaches are state laws, the rules vary from state to state. Some allow breaches to be kept entirely private if there is no "reasonable likelihood of harm," a vague term that is not defined by the laws, the study says. Only five states have no disclosure law: Kentucky, Louisiana, Mississippi, New Mexico and South Dakota.

Originally published on www.networkworld.com.