The security industry is quick to point out that data breaches will negatively affect the public perception of an organization. While regulatory fines and lawsuits may also impose financial penalties, they often only represent a slap on the wrist compared to the cost of maintaining an effective security program. With over two hundred breaches disclosed against public companies in the last thirteen years, I investigate if the security shortfalls of breached organizations can impact their stock price. In this session I examine and expand upon existing work identifying the effects of announced breaches on publicly traded companies. Using this expanded dataset I will determine what measurable fiduciary effects breach notifications have on public companies and possible future trends in this area.
Chaim Sanders is a security researcher, lecturer, and security engineer. When he is not busy being overly cynical about the state of computing security, he teaches for the Computing Security department at the Rochester Institute of Technology and works as a Senior Offensive Security Engineer at Okta. His areas of interest include web application security and secure software development. Chaim’s sarcasm-driven approach to security provides a unique vantage point that helps him contribute to several open source projects, including ModSecurity and the OWASP Core Rule Set, where he serves as the project leader.