Our latest ESG analysis shows how the level of risk surrounding cyber security is increasing. We explore some of the recent historical examples of cyber attacks, how it has affected stock price, and what it means for a SolarWinds recovery
Remote work during the pandemic has required vast numbers of people across organizations to work together effectively. However, the increased online exchange of information, including credit card and social security numbers, has created new opportunities for hackers and identity thieves. Although hacks are hard to predict a clear upward trend in 2020 suggests that we are in store for more in 2021. This has never been more apparent than the recent SolarWinds breach that compromised the highest levels of governments and corporations alike.
While occasionally we see historical Cyber Risk that predates a major hack, most unfortunately cannot be easily predicted. This being said, companies do have a responsibility to protect their customers' information and can put protocols and procedures in place to mitigate damage when data breaches occur. We used our Safeguard ESG platform to analyze cyber security mentions in 2020. We look at the major hacks of the last few years and explore the effect on companies and their stock price.
Data breaches, with regard to ESG, fall under social and governance concerns. Social from the standpoint of customer data protection, and governance, in terms of how companies treat and address data breaches when they do occur. Nearly all companies take immediate hits to sentiment and stock price when a major data breach occurs. However, a major difference between a quick or sluggish recovery depends on the companies’ response and the level of exposure in the data breach.
In July 2019 Capital One (COF) disclosed a hack that exposed the information of 100 million customers. From July 2019 to October 2019 the stock fell 11%. By the end of November 2019 the stock had rebounded to pre-hack levels. Sentiment did not recover until October 2020.
There are a few factors that play into the recovery of the stock price in this case. One detail is that at the moment the hack went public the perpetrator had already been apprehended by law enforcement. Capital One was able to confirm no customer information had been compromised, effectively communicated with customers what happened, and provided free credit monitoring and identity protection in the wake of the hack. Moreover, no major government organizations or companies were compromised, further mitigating the potential damage and helping the rebound.
The hotel giant Marriott International (MAR) had a recent history of compromised guest information. In November of 2018 they discovered a hack that compromised the information of 500 million customers. Forbes reported there were warning signs to this hack and a string of unreported security breaches preceding the hack. In 2018 Marriott International stock (MAR) dropped 13% over the course of a month. Just three months after the hack in February of 2019 the stock had recovered to pre-hack levels. Sentiment would not recover fully.
In Marriott’s case there were warning signs that security was lax, as reported by Forbes, and there was an increased level of litigation by government bodies compared to the Capital One hack. Similar to Capital One, the information exposed from Marriott was mostly consumer, they were transparent with customers, and provided credit monitoring. The hotel chain also experienced a hack in March of 2020 that was less severe, and at the onset of the pandemic the drop in stock price was hard to attribute to the hack alone.
The SolarWinds hack is very different from the ones mentioned above, making it difficult to predict if and when the stock will rebound. The level of organizations and information possibly compromised is much greater than the consumer facing hacks of Marriott and Capital One. This cyber security breach was first noticed by FireEye and Microsoft. The two companies had been breached internally through SolarWinds’ Orion product that had malware installed at an unknown date. The security breach has now affected 250 organizations at a private and government level, including the Department of Treasury and Department of Commerce. The hack is thought to have been orchestrated by a foreign actor and required a high level of planning.
SolarWinds’ Orion product accounts for half of the company's revenue, and was the target of the hack. In the month since the breach SolarWinds stock is down 36.56%, a much higher hit to the share price than any of the other hacks. The level of severity is directly tied to the compromised product, Orion, due to its prevalence in IT infrastructure throughout multiple industries and government institutions. It’s hard to predict if and when SolarWinds will rebound.
The Capital One and Marriott cases show that effective communication to customers and effort to mitigate damage from hacking events can lead to successful stock rebounds in a fairly short period of time. While cyber security breaches are unpredictable, company efforts can play a role in reducing the impact of the problems when they occur.
In looking at our distribution of mentions for Cyber Risk, IT and Communications are featured prominently. Other sectors that have significant mentions include Industrials, Consumer, Health Care, and Financials. Increased digitization and online capacity in workflows makes Cyber Risk a sector wide problem, and vigilance is needed by all organizations to protect themselves and their customers moving forward.
Request an ESG demo today to find out how you can analyze earnings call transcripts and other financial documents with our text analytics platform. Spot outliers, identify critical insights, and understand key drivers.
Amenity Analytics is the industry leader in providing insights from unstructured text by using Natural Language Processing (NLP) assisted by Artificial Intelligence (AI) and Machine Learning (ML). Amenity’s NLP system is a sector-agnostic, language-dependent tool for quantitative text analysis that is deployed across the financial services industry and beyond.
This communication does not represent investment advice. Transcript text provided by FACTSET and S&P Global Market Intelligence.
Copyright ©2021 Amenity Analytics.