Cyber crime and share prices

Cyber crime is now a bigger threat than ever, according to the UK government – and it’s having an impact on share prices. When companies are the targets, their share prices  may suffer, as we explain below. Companies are fighting back to protect themselves and your investments. It’s cost the world an estimated US $8 trillion in 2023. That’s more than the British and German GDP added together.

New risk on the block

Investing in shares – also known as equities – is never without risk.

For years, it was assumed that there were a set number of risks.

Capital risk is the potential of loss of part or all of an investment. It applies to the whole gamut of assets that are not subject to a guarantee of full return of original capital. While liquidity risk refers to the potential difficulty an entity may face in meeting its short-term financial obligations due to an inability to convert assets into cash without incurring a substantial loss.

The list goes on, as does the list of tactics to combat or minimise those risks. A well-diversified portfolio just like those we offer clients, can reduce equity and liquidity risk by spreading your money across a range of highly regarded companies. We sometimes add bonds to spread the risk if the whole market goes down. Property is also another diversifier.

And now there’s Cyber risk.

The new normal

It started as a simple data breach in the busy pre-Christmas period. But pretty soon, the management team at T-Mobile realised they were on the end of a cyber attack. By January 2023, the personal information of over 37 million customers was out in the open.

That same year Activision (the makers of Call of Duty and other games), MailChimp and hospitality brand MGM Resorts also fell victim. Tactics such as denial-of-service, phishing, ransomware and password hacks all played their part.

Malware is probably the most common type of attack. It’s a catch all term for software that disrupts, damages or achieves entry into a computer system. And the biggest malware attack of was the 2017 WannaCry attack on users of Microsoft Windows – which is a pretty wide constituency – across 150 countries, that almost shut down Nissan, DeutscheBahn and the NHS to name just a few.

Perpetrators can be hard to pin down. But the UK government’s National Cyber Security Centre is in no doubt, saying that 2023, “… has seen the emergence of state-aligned actors as a new cyber threat to critical national infrastructure.” It specifically highlights China as, “… an epoch-defining challenge for UK security.”

Add all this together and you arrive at that global cost of $8 trillion.

Cyber and share prices

IBM calculates that the average cost of a data breach, following a cyber attack, is $4.5 million. They also say that 51% of organisations that experienced a breach plan to boost their security. Quite what the other 49% plan to do is a question for another day perhaps.

One report suggests that a company’s market value can fall by as much as 0.8% to 1.01% within just seven days of an attack. Put in context, against say a FTSE 100 that’s grown at around 7.5% a year,[8]and it can be a pretty substantial dent in a holding in a victim company.

Companies fight back

Theft, damage to reputation, a dented share price, there’s only so much a company can take before it fights back, and that fight takes the form of defence and response.

Defensive assets include educating staff on the importance of strong passwords and on protocols for the likely scams they will face in their professional roles. They also include software and hardware from antivirus applications to sophisticated data encryption,  the best firms will also recruit ‘reformed’ hackers to test their defences.

Selecting the best response to an attack will also minimise damage to reputation and share price.

These must now be reported to relevant authorities (no return to the bad old days when Dixons Carphone now Currys waited a year before reporting its 2017 breach) and the best companies will inform stakeholders promptly and take remedial action swiftly.

Your portfolio

It’s practically impossible to avoid companies that might fall victim to cyber attacks. But, like all risks in equity investing, cyber risk can be measured, assessed, and mitigated.

At First Wealth we work closely with our investment partners to ensure all potential risks in your portfolio are as knowable as possible. And, as with other equity risks, we believe a well-diversified portfolio by geography, sector and size of company is a front-line defence against cyber crime.

Known risks always have the potential to dent a share price. But we also ameliorate that by encouraging clients to take a long-term perspective. Pretty soon, that 1% fall in a week in a single stock can feel small within a portfolio of hundreds of stocks, all with solid corporate governance, held for decades.

Cyber risk is here to stay – but so is measurement and mitigation.

[1] https://www.ncsc.gov.uk/collection/annual-review-2023/threats-risks

[2] https://www.einnews.com/pr_news/606505844/cybercrime-damages-to-cost-the-world-8-trillion-usd-in-2023

[3] https://countryeconomy.com/countries/groups/g8

[4] https://www.electric.ai/blog/recent-big-company-data-breaches

[5] https://www.ncsc.gov.uk/files/Annual_Review_2023.pdf

[6] https://www.ibm.com/reports/data-breach?utm_content=SRCWW&p1=Search&p4=43700075239447542&p5=e&gclid=EAIaIQobChMIl7Dvkt3mgwMVNJpQBh2n2AuHEAAYASAAEgJehvD_BwE&gclsrc=aw.ds

[7] https://www.amf-france.org/sites/institutionnel/files/2020-02/study-stock-market-cybercrime-_-definition-cases-and-perspectives.pdf

[8] https://www.ig.com/uk/trading-strategies/what-are-the-average-returns-of-the-ftse-100–230511#:~:text=On%20an%20annualised%20basis%2C%20this,a%20total%20return%20of%207.48%25.&text=How%20has%20FTSE%20100%20performed,10%20years%20(2012%20%E2%80%93%202022*)%3F

[9] https://www.upguard.com/blog/biggest-data-breaches-uk

This document is marketing material for a retail audience and does not constitute advice or recommendations. Past performance is not a guide to future performance and may not be repeated. The value of investments and the income from them may go down as well as up and investors may not get back the amount originally invested.