Data leaks lead to higher interest rates on loans



The researchers report that companies that have suffered from a security breach may not face a drop in their share prices, but they may pay higher loan rates and be forced to provide collateral.

Companies facing data breaches may not be affected in the long term by falling stocks, but they will often have to pay higher interest rates on loans and provide other concessions, according to research released this week.

An academic study by researchers at Yeshiva University in New York and the Hong Kong Polytechnic University found that the average company pays nearly $ 3.7 million more interest annually. Companies with a good reputation for IT security, which often have better credit terms than their peers, have been hit harder by hacking.

These results highlight how banks are charging companies for the uncertainty that arose after the breach, said Henry Huang, assistant professor of accounting at Yeshiva University School of Business.

“After the violation, due to direct and indirect costs, there is great uncertainty about [to] the future of the company, he says. – What happens to the regulations? What’s going on with the lawsuit? What happens if a large customer leaves? This is uncertainty, and banks hate it. “

This study it is the latest attempt to quantify the impact of a data breach on companies. In April IOActive researcher discovered that data loss usually results in a 5% drop in share prices, but nearly two-thirds of companies recover within a month. This study found that disclosing a vulnerability resulted in a 4% drop in stock prices, but the impact lasted no more than a month.

While investors forgive data breaches, banks do not, according to a study by Yeshiva University and Hong Kong Polytechnic University. In addition to higher interest rates on loans, many banks required collateral or forced companies to comply with other requirements.

There is good news for companies affected by the breach: banks have rewarded those who took decisive action to improve security and mitigate the impact of the breach, the researchers found.

The study “identified remedial measures that mitigate the adverse impact of data breaches,” said Chong Wan, study co-author and assistant professor of accounting at Hong Kong Polytechnic University. said in a statement… “One takeaway is that companies, especially in vulnerable industries, need to invest more in data security to avoid costly capital market penalties.”

Researchers assessed 139 violations of rights between 2005 and 2014 and 1,081 bank loans during this period, as well as two years before and after, examining the impact of data breaches on loan terms. Noting that previous studies have linked internal control (ICW) deficiencies to unfavorable bank loan conditions, the researchers argued that the data leaks point to previously hidden ICWs and are likely to lead to higher bank loan rates and other concessions.

The study found that the average company that was affected by the violation paid an additional $ 3.7 million annually, averaging an average of $ 923 million. In fact, hacked firms pay an average of 40 basis points, or about 0.4 percentage points, higher interest rates than the average for all companies, compared to 28 basis points for firms with internal control deficiencies. According to the study, only financial recalculation entails a higher penalty: 65 basis points.

“The results suggest that prior to the data breach, there was no significant difference in terms of bank loans between hacked and unverified companies,” the researchers said in their article. “However, after a data breach, compromised firms have higher loan spreads and a higher likelihood of demanding collateral, and they provide more covenants than non-compromised firms.”

The researchers also found that criminal violations, as opposed to accidental data leaks, lead to harsher credit conditions, as well as more broken records. Companies in highly regulated industries such as healthcare, transportation, personal or business services incur higher penalties, possibly related to higher churn rates after a breach.

Finally, the stricter reporting requirements for violations in some states and countries have resulted in higher lending rates and more significant loan concessions.

“Companies that need to disclose the nature and extent of a data breach may be subject to fines and lawsuits, so they become more visible and the market pays more attention,” says Huang of Yeshiva University. “From the banks’ point of view, they may need additional time to investigate, while investors forget in the long run.”

Veteran of technology journalist for over 20 years. Former research engineer. Written for over two dozen publications including CNET, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five journalism awards including Best Deadline … View full biography

Recommended reading:

More information


Source link