Cyber Security and Instilling Investor Confidence

Recent security breaches at Target, Michaels and Neiman Marcus have been heavily reported in the media with the bulk of the discussion pertaining to the impact of security breaches on consumers. But, for a publicly traded company like Target, it is also important to look at the long-term impact on investor confidence. 

There are many expenses related to a security breach and the extent of those expenses will take some time to surface in the accounting and financial reporting of a public company.  For example, Target’s initial response was to give customers a 10% discount over the weekend following the report of the breach. That financial loss can be measured within a relatively short time frame as compared to their second tactic of offering shoppers one year of credit monitoring.  Customers have until April 23, 2014 to sign up, so it may not be easy for Target to estimate how many customers will actually take them up on the offer. In this respect, it will take some time to assess the financial impact.

The impact of the event can also be seen in Target’s stock price. If you look at the historical data for Target’s stock price over the past year, there is a marked dip in stock price that occurs in the beginning of January, shortly after the breach announcement.

Target will need to show they are restoring shopper confidence. Some people may initially decide to shop elsewhere. Though they may return over time, that lag could result in a decline in revenue for a period of time. How long that period will be may be related to Target’s sharing with a Senate committee that they are accelerating plans to adopt a new technology to decrease the potential for credit card fraud. If Target follows through with implementing the new security measures, this may have a positive impact on restoring shopper confidence.

During the Senate hearing, Mallory Duncan of the National Retail Federation was quoted in The New York Times as saying, “Data breaches are a fact of life in the United States.” If you can accept that similar breaches are indeed “a fact of life,” then it’s important for companies to continually evaluate their risk management plans and monitor the impact and recovery of other companies that experience a breach. Only time will tell whether Target’s response to their customers and their investors will have a positive impact in instilling confidence in the brand.