How to Minimise Financial Damages from a Cyber Incident?

Data Breach / Incident Response

While many talks about how cyber incidents can bring detriments to firms, the financial damage does not necessarily linger following a cyber incident. In fact, having a strong cyber incident response strategy can curb declines in stock price and market confidence. Why? Because with every risk, there comes opportunity. It is a matter of how you respond to such threats that lead you to successful damage control, and even achieve growth.

Indeed, a hack can sink the ship…

Undoubtedly, a hack can cause investors to leave and a company’s stock price to sink.
This is prominent in the Equifax breach back in early September 2017 which impacted over 145 million people. Of which, their ostrich approach to the cyberattack is one of the key reasons to blame. Equifax has acknowledged it discovered suspicious activity in this system in late July. Yet,  they only disclosed the data breach in early September. As a result, the market shook its stock price from $142.74 down to $92.98 in just a week. The company’s market share has also struggled to recover ever since.

… but a hack need not be a disaster.

In 2014, JPMorgan was hit by the biggest bank breach in history, exposing 83 million households and small business accounts. It left mass personal identifiable information (PII) in the hands of malicious actors. Yet, it actually encouraged a slight growth in its share price.

What did they do differently? They had a strong cyber incident response strategy and made sure that the right news went out at the right time to the right people. At large, their cyber incident response strategy is underpinned by the following:


Keep calm and lead with the cybersecurity measure in place.  

Organisations that bounce back from a cyber incident are often equipped with a cyber incident response plan. So that the CEO can reassure customers and the stock market, by communicating the cybersecurity mechanisms the company has in place. The key here is to circulate that serious investments were made before a hack, to indicate that the security and privacy of customers are taken seriously.  In contrast, if an organisation does not have pre-existing cybersecurity measures that it can lean on, the brand’s reputation can be seriously damaged. It creates an impression that the company is incapable of managing threats, nor the breach should it arise.

Pivot, pivot, and pivot!

Following a breach, it is crucial to execute and publicise remediation strategies, such as announcing an increase in budget to enhance the organisation’s cybersecurity capability or fostering cyber awareness through an education program for staff. These pivots contribute to maintaining customers’ trust while reassuring them that they are in good hands.

We saw these actions following the JPMorgan Chase breach, where the company released extensive information on the attack and doubled its cybersecurity investment. Together, these post-breach recovery strategies can aid organisations to reduce, and even eliminate short-term negative stock market reactions.

Draw a roadmap of improvements from the lesson.

Leaders must expand on this experience into organisational learning and continuous innovation to drive these strategies into positive impact in the long term.

One of the most effective strategies in enforcing the improvements is running top management through simulated cyber attack exercises. By emulating these scenarios, the executives will get a chance to practice communication strategies and develop response procedures. This is also a good opportunity to test previously curated response plans that are still feasible and relevant to malicious actors’ tactics.

There is no such thing as bad PR – if you use it to your advantage.

While a cyberattack brings the targeted company into the spotlight for criticism, it also provides free publicity for the firm. The perfect way to bounce back is to showcase the company’s efforts in protecting its stakeholders and the overall community. That is why a well-rehearsed action plan and communication strategy is simply essential for any cyber incidents. Businesses should utilize this stage time effectively, to increase transparency, enhance cybersecurity maturity and improve their competitive position.

By having a systematic response strategy, businesses can curb the negative impact of a cyber incident to linger. Instead, they can focus on growing their performance and reputation in the long run.

CTRL Group teamed up with Hall & Wilcox to unpack the intricacies and best practices for cyber incident responses scenarios you may find yourself in.

Related Articles

Cyber Breach and Cyber Incident response and cyber insurance are fundamental to an organisation's cybersecurity.
Cyber Insurance / Incident Response
Are you Cyber Ready for Cyber Insurance?
Read more
Cybersecurity / Incident Response
Incident Response – Be Prepared
Read more
CTRL Group discuss the latest cyber attacks and cybersecurity trends
Ransomware / Incident Response
Ransomware Attack calls for Adequate Incident Response
Read more