How does information leakage affect the value of brands?

Any company focused on personalized interaction with the user is, in one way or another, involved in collecting, processing and storing his personal data (full name, age, email, place of residence or stay, volumes of goods purchased, and much more). Such materials are of interest to hackers and other attackers: having correctly processed this information, it is always possible, using social engineering tools, to gain access to the client’s money.

According to InfoWatch, in 2021, 1,729 cases of leakage of restricted access information were registered worldwide: 8.42 billion different types of records appeared on the network confidential. In Russia, at the same time, experts recorded 331 leaks of information of this type, that is, approximately 80 million lines (an increase compared to 2020 was + 20%).

In 2022, the situation, as can be seen from the monitoring reports of IT companies involved in security issues, has not improved: several leaks of user data successively occurred from large ecosystem Russian corporations, while the fines imposed by the authorities on offenders amounted to only 60 thousand rubles.

The minimal punishment, coupled with the almost completely absent institution of reputation, which also provides for the sale of the company’s securities due to identified violations, as a result did not have a serious economic impact on the business that failed to comply with legal conditions.

What is happening in Western countries? The situation there is completely different for a number of reasons:

First, citizens have the right to file class and individual lawsuits with an unlimited amount of claims. If these claims are successful, the offending companies pay millions. The most significant case happened with T-Mobile, whose database (76 million customers) was publicly available. The firm was hit with 44 class action lawsuits in multiple states. According to a preliminary agreement with the victims, the operator must pay its customers $350 million (amount excluding taxes). In addition, the legal entity pledged to invest $150 million in improving the security system.

Secondly, in addition to direct compensatory costs, legal entities always receive long-term negative consequences for their securities:

in the short term (until the end of the first year): after the leak was reported, InfoWatch analysts noted in 2020, based on an analysis of information on the economic consequences of such events in 17 large public corporations in 2019, the capitalization of financial companies decreased by more than a third, firms from the retail and industry sectors – by 8 and 3.58% respectively;
in the long term (2 years or more), the stock price of offending firms on NASDAQ lags behind companies that did not make similar mistakes (analysts estimated this indicator in 2019 at -13.27%).

Example from practice. In 2018 due to fixation leaks personal data of Facebook users (recognized as an extremist site in the Russian Federation) lost almost $60 billion in market value in two days, and the estimated wealth of its founder and owner decreased by more than $6 billion.

It is quite obvious that a decrease in the price of securities directly affects the company’s ability to attract additional cheap resources for its infrastructure projects in the future.

And just how much can brands lose from data breaches? According to analysts from consulting firms Infosys and Interbrand, if the leak of information concerns the 100 largest companies on the planet, then losses in 2020 could amount to up to $223 billion. It looks segmented So. Technology companies alone lost up to $29 billion (or 53% of revenue).

In this design (when a stormy decline can be dispersed by one negative news, and user trust is acquired through long and painstaking work), it is profitable for foreign corporations to invest additional resources:

how to ensure the security necessary for companies – even if an emergency occurs, the company can always justify itself to clients by declaring an integral internal security system that was hacked as a result of a tragic accident;
and in an attempt to level out the negative effect of what happened (this can manifest itself, for example, in payment for issue new passports).

Accordingly, by flooding the market with money, entrepreneurs prevent the likelihood of a large-scale negative adjustment in shares: if there is a fall, it will be minimized in time.

Why is it difficult to organize this in Russia?

The main reason is that public opinion does not have a serious influence on either the markets or the owners (which are either state corporations or large businesses with interests in different economic spheres). If we add to this the impossibility of bringing class actions and the general apathy of the population, which does not want to protect their rights in this direction, then only the proposed institution of turnover fines can be used as an active tool of prevention in this situation (although there are “pitfalls” here too – situations with leaks of personal data may well become more latent).

At the same time, Russia is one of the few countries in which it is possible register database. And this already presupposes a certain protection. But for some reason this option is used extremely rarely.

Useful from Online Patent: