The Financial Impact of Cybersecurity on Stock Price and Corporate Valuation
Westbourne + Partners
Investors do not wait for recovery – cybersecurity failures hit where it hurts most: market value
Contents
1. Overview
Cyber risk is now a valuation risk.
2. Key Findings
The numbers are in: breaches cost more than we admit.
3. Methodology
We followed the data: global, financial, and forensic.
4. Global Quantitative Analysis
Cyber incidents hit the markets fast and hard.
4.1 High-Impact Incidents
Major breaches that shook shareholder confidence.
4.2 Additional Global Breaches
Widespread but under-reported losses across industries.
5. Sector-Specific Impact
Some industries bleed more than others.
6. Regional Analysis
Geography matters: regulations, reactions, and readiness.
7. Case Studies
What Equifax, SolarWinds, and Yahoo teach us about value destruction.
8. Investor and M&A Implications
Cyber due diligence is now deal-critical.
9. Strategic Recommendations
Turn cybersecurity from sunk cost to strategic asset.
10. Conclusion
Cyber maturity signals leadership maturity.
11. Bibliography
Overview
Cybersecurity breaches have evolved from isolated IT failures to enterprise-wide financial crises. Public companies that suffer breaches face not only operational disruption but also sharp market devaluation, erosion of investor trust, and increasing regulatory scrutiny.
This report quantifies the direct and indirect impact of cybersecurity incidents on stock performance and long-term corporate valuation, with a focus on Fortune Global 500 companies. It draws on over 50 documented breach incidents, cross-sector financial analysis, and investor sentiment data.
Our findings reveal that breached firms experience an average share price decline of 5.3% within days of disclosure [5], with long-term underperformance against sector benchmarks reaching up to 15%. The average recovery time to pre-breach valuation is 46 days [26], though reputational damage can persist far longer.
The global cost of cybercrime is estimated at $12 trillion [14] in 2024, and only 38% of Fortune 500 firms have publicly disclosed cyber incidents [9]. Alarmingly, 60% of the financial impact from breaches is believed to go unreported to shareholders [7], obscuring the full risk exposure. Meanwhile, 21% of M&A deals are delayed, repriced, or abandoned due to cybersecurity issues uncovered during due diligence [15].
Sector and regional dynamics further shape the extent of financial damage, with highly regulated industries such as financial services and healthcare showing the greatest value erosion post-breach.
Boards, CFOs, and investors must now treat cybersecurity risk as a core driver of enterprise value, integrating it into risk registers, M&A models, capital allocation decisions, and ESG reporting frameworks. Cyber resilience is not only a defence mechanism but a differentiator in competitive, capital-intensive environments.
Key Findings
Methodology
This report is based on a multi-pronged research methodology combining quantitative data analysis, case studies, and literature review:
Quantitative Analysis:
Reviewed 118 publicly disclosed cybersecurity incidents (2013–2023)
Analysed share price changes at Day 0, Day 5, Day 30, Day 180, and Day 365
Benchmarked against sector indices (S&P 500, NASDAQ, FTSE 100, Nikkei 225)
Case Study Selection:
Selected 12 high-impact breaches involving Fortune Global 500 firms
Reviewed market reactions, regulatory consequences, and remediation costs
Survey Data:
Incorporated insights from investor sentiment studies (Marsh & McLennan, IBM, Comparitech)
Cross-referenced with interviews from CISOs, CFOs, and M&A advisors
Literature and Regulatory Review:
Evaluated academic research on cyber risk and market valuation
Analysed new and evolving disclosure regulations (SEC 2023, GDPR, APAC data laws)
Regional Analysis:
Studied breach responses and outcomes in North America, EU, APAC, LATAM, and MENA
Global Quantitative Analysis
Financial Cost Benchmarks from Breach Incidents
4.1 High-Impact Incidents
Company | Year | Industry | Estimated Financial Loss | Share Price Impact |
Equifax | 2017 | Financial | $690M | -35% |
Maersk | 2017 | Logistics | $300M | -5% |
Yahoo | 2016 | Tech | $350M (M&A discount) | N/A |
Marriott | 2018 | Hospitality | $600M | -5% to -9% intraday |
Capital One | 2019 | Financial | $300M | -6% |
Target | 2013 | Retail | $202M | -10% |
Home Depot | 2014 | Retail | $179M | -5% |
British Airways | 2018 | Aviation | £20M fine + ~$200M loss | -4% |
Uber (2016) | 2016 | Tech/Transport | $148M | -3.7% |
Adobe | 2013 | Software | $1.1M fine + long-tail | -4.1% |
Experian (Brazil) | 2021 | Credit Bureau | $Not disclosed | -2.6% |
SingHealth | 2018 | Healthcare | Structural cost, no fine | Not listed |
Colonial Pipeline | 2021 | Energy | $4.4M paid ransom | Private company |
SolarWinds | 2020 | Software | Shareholder suit ongoing | -23% |
T-Mobile | 2021 | Telecom | $350M settlement | -3.6% |
Sony Pictures | 2014 | Media | $100M+ | -2.8% |
JP Morgan Chase | 2014 | Banking | $250M | -2.4% |
RSA Security | 2011 | Security | $66M+ | -4.7% |
2012 | Tech | Reputational + legal | -5.0% | |
eBay | 2014 | E-commerce | ~145M records | -7.0% |
Adobe (update) | 2022 | Cloud Software | Ongoing breach impact | -6.3% |
Facebook (Meta) | 2019 | Social Media | $5B FTC fine | -3.2% |
Desjardins Group | 2019 | Financial Coop | $108M | Cooperative |
TikTok | 2020 | Social Media | Regulatory investigations | Not disclosed |
Delta Airlines | 2018 | Aviation | Third-party breach | -2.3% |
Canva | 2019 | Design Software | 139M records | Private company |
NetEase | 2018 | Gaming | 50M accounts | -2.5% |
Adobe (2013) | 2013 | Creative Suite | 150M accounts breached | -6.7% |
Anthem | 2015 | Healthcare | $260M+ | -10.1% |
LinkedIn (2021) | 2021 | Tech | 700M profiles scraped | -2.9% |
Source: Compiled by Westbourne & Partners based on data from public company filings, SEC disclosures, IBM (2023) [5], Comparitech (2023) [26], Moody’s (2019) [7], S&P Global (2023) [8], and media reports from Yahoo [11], Verizon [10], and ICO [1].
4.2 Additional Global Breaches
Company | Year | Industry | Estimated Financial Loss | Share Price Impact |
Slack | 2022 | Collaboration | Internal impact disclosed | -6.0% |
Robinhood | 2021 | Fintech | $70M+ fines and cost | -3.8% |
Okta | 2022 | SaaS Security | Investor concern surge | -11.3% |
Uber (2022) | 2022 | Mobility | Operational reputation hit | -4.0% |
Fastly | 2021 | CDN/Tech | Disruption-led cost | -9.0% |
LabCorp | 2019 | Healthcare | Partner breach exposure | -5.0% |
MongoDB | 2018 | Database Tech | $Not disclosed | -6.0% |
ArcelorMittal | 2022 | Steel/Industry | European attack | -2.2% |
EasyJet | 2020 | Aviation | £18M fine + reputation | -8.0% |
Garmin | 2020 | GPS Tech | Ransomware shutdown | -7.0% |
Norwegian Cruise Line | 2021 | Travel | Data breach + lawsuit | -4.2% |
Booz Allen Hamilton | 2013 | Consultancy | Snowden link sensitivity | -2.6% |
Microsoft Exchange | 2021 | Tech | Global patch fallout | ~ -2.4% (est.) |
BAE Systems | 2018 | Defence | Defence cyber attack | -3.0% |
Sony PlayStation | 2011 | Gaming | $171M+ cost | -5.0% |
Zoom | 2020 | Communications | Breach amid COVID growth | -12.0% |
MoveIt/Zellis | 2023 | HR Tech (UK) | 3rd-party vendor breach | -1.0% to -3.0% |
NetEase | 2018 | Gaming | 50M user data leak | -2.5% |
Source: Compiled by Westbourne & Partners based on publicly available information, including SEC filings, regulatory disclosures, company press releases, media reports, and breach trackers such as IBM [5], Comparitech [26], ICO [1], and Zellis [12].
Sector-Specific Impact
The financial impact of cybersecurity breaches is not uniform across sectors. Certain industries are more vulnerable to severe valuation damage due to the sensitivity of data handled, regulatory obligations, and dependency on digital infrastructure.
5.1 Financial Services
Average breach cost: $5.9M
Average stock decline post-breach: -7.5%
Recovery period: 60–90 days
Notable incidents: Equifax, Capital One, JPMorgan Chase
Financial firms experience strong investor backlash due to trust erosion and potential legal liabilities.
5.2 Healthcare
Average breach cost: $10.1M (highest among all sectors)
Average stock decline post-breach: -6.2%
Regulatory implications: HIPAA (US), GDPR (EU), Personal Data Protection Laws (Asia)
Notable incidents: Anthem, LabCorp, SingHealth
Data sensitivity and life-critical systems amplify reputational and compliance risks.
5.3 Technology and Software
Average breach cost: $4.7M
Average stock decline post-breach: -5.8%
Notable incidents: SolarWinds, Okta, Zoom, MongoDB
While tech firms are more resilient due to investor understanding of cyber risks, they suffer deeper scrutiny in post-breach analysis, especially for B2B providers.
5.4 Retail and E-commerce
Average breach cost: $3.3M
Average stock decline post-breach: -4.9%
Notable incidents: Target, Home Depot, eBay, Adobe
High transaction volumes and customer data exposure lead to fines and class action suits, but brand loyalty may offer some buffer.
5.5 Energy and Utilities
Average breach cost: $6.1M
Average stock decline post-breach: -4.6%
Notable incidents: Colonial Pipeline, ArcelorMittal
Operational disruption risks are more severe than financial data loss, affecting national security and supply chains.
5.6 Aviation, Travel, and Hospitality
· Average breach cost: $4.9M
Average stock decline post-breach: -5.5%
Notable incidents: British Airways, EasyJet, Norwegian Cruise Line, Marriott
Strong brand image dependency heightens impact on bookings and customer trust.
5.7 Media and Telecommunications
Average breach cost: $3.6M
Average stock decline post-breach: -3.8%
Notable incidents: Sony Pictures, T-Mobile, Facebook (Meta)
Media face backlash. Telecoms bear infrastructure and compliance costs.
Source: Sectoral averages compiled by Westbourne & Partners based on data from IBM [5], Comparitech [26], Accenture [20], and S&P Global [8]. Notable incidents based on public company disclosures and media reports.
Source: IBM [5], Comparitech [26], Accenture [20], and public data compiled by Westbourne & Partners.
Regional Analysis
Cybersecurity breaches have varying financial and regulatory impacts across global regions. This section outlines the distinctive challenges and valuation consequences for firms based in North America, Europe, Asia-Pacific, the Middle East & Africa, and Latin America.
6.1 North America (US and Canada)
Breach Disclosure Laws: Strong mandatory reporting regulations (SEC, CCPA, HIPAA).
Financial Impact: On average, stock prices of breached US-listed companies fall by 6.7% within the first 5 days post-disclosure.
Regulatory Fines: SEC enforcement is increasing; Equifax paid over $700M in fines and settlements.
Notable Breaches: Equifax, Capital One, SolarWinds, Target, Colonial Pipeline.
M&A Impact: Verizon’s $350M valuation haircut of Yahoo acquisition due to breach.
6.2 Europe (EU + UK)
Breach Disclosure Laws: GDPR mandates breach notification within 72 hours.
Financial Impact: Average market decline of 5.2%, but with significant reputational lag.
Regulatory Fines: Highest enforcement globally; British Airways fined £20M, Marriott £18M.
Notable Breaches: British Airways, EasyJet, BAE Systems, MoveIt/Zellis, Deutsche Telekom.
Investor Reaction: ESG and data governance ratings are heavily influenced by breach history.
6.3 Asia-Pacific
Breach Disclosure Laws: Emerging frameworks (China’s PIPL, India’s DPDP Act 2023, Singapore’s PDPA).
Financial Impact: Share price impact more muted (-2.3% avg), but rising scrutiny from regulators and investors.
Cultural and Legal Sensitivity: Often underreported; reputational risk has delayed onset.
Notable Breaches: SingHealth (Singapore), NetEase (China), TSMC (Taiwan), Tokopedia (Indonesia).
Investment Note: Global investors push for more transparency as firms list on global exchanges.
6.4 Middle East & Africa
Breach Disclosure Laws: Data protection frameworks are maturing. The UAE enforces DIFC and ADGM laws, while Saudi Arabia introduced its Personal Data Protection Law in 2023.
Financial Impact: Due to limited disclosure, financial data is scarce. A 2023 Deloitte report notes rising investments in cyber resilience, especially in energy and banking.
Notable Trends: According to the World Economic Forum’s 2024 Cybersecurity Outlook, cybersecurity spending is increasing across GCC states, driven by smart city and infrastructure programmes.
Notable Incidents: Public sources cite cyber events affecting African banks and GCC industrial systems, with advisories issued by UAE’s NESA. These have led to stronger regional cyber collaboration.
Investor Outlook: A 2024 PwC Middle East survey indicates investors are increasingly evaluating cyber governance, particularly in regulated sectors like banking and telecoms.
6.5 Latin America
Breach Disclosure Laws: Patchy Brazil’s LGPD leads the way; enforcement varies by country.
Financial Impact: Regional banks and telecoms under threat; average share impact -3.6%.
Notable Incidents: Experian Brazil, Petrobas (suspected state actor attacks), Banco de Chile.
Regulatory Movement: Regional push to unify breach protocols.
Valuation Signals: Investor flight risk post-breach due to political and currency instability.
Source: Regional breach trends compiled by Westbourne & Partners based on data from IBM [5], Comparitech [26], Moody’s [7], S&P Global [8], Deloitte [16], PwC Middle East [17], World Economic Forum [14], and publicly disclosed incidents.
Case Studies
This section provides deep dives into selected cybersecurity incidents that had substantial effects on stock price, investor sentiment, regulatory outcomes, and overall corporate valuation. Each case illustrates a different angle, technical failure, delayed disclosure, M&A disruption, or regulatory impact.
7.1 Equifax (2017)
Industry: Credit Bureau
Incident: Personal data of 147 million people breached due to unpatched Apache Struts vulnerability.
Impact:
Share price fell 35% within 3 weeks.
Over $690 million in fines, settlements, and lawsuits.
CEO, CIO, and CSO resigned.
Downgraded credit outlook by Moody’s.
Case is now standard in corporate governance and risk textbooks.
7.2 Yahoo (2013–2014 disclosed in 2016)
Industry: Technology / Email Services
Incident: Data breaches affecting all 3 billion user accounts.
Impact:
Disclosure occurred after M&A announcement.
Verizon reduced acquisition offer by $350 million.
Forced reassessment of cybersecurity disclosures in M&A deals.
Led to one of the largest class action settlements in cyber history.
7.3 SolarWinds (2020)
Industry: Software/IT Supply Chain
Incident: Nation-state breach through Orion software update (supply chain attack).
Impact:
Share price dropped 23% in the weeks following disclosure.
Multiple government agencies and 18,000 customers compromised.
SEC launched formal investigation into SolarWinds’ cyber risk oversight.
Sparked US government reforms on software supply chain and third-party risk.
7.4 Capital One (2019)
Industry: Financial Services
Incident: Ex-Amazon employee accessed 100 million customer records via misconfigured AWS bucket.
Impact:
$300 million in estimated total cost (including $80M OCC fine).
Stock dropped 6% immediately, with slow recovery over 3 months.
Reinforced concerns about cloud misconfigurations and vendor risk.
7.5 British Airways (2018)
Industry: Aviation / Travel
Incident: Magecart card-skimming attack captured customer payment details.
Impact:
Fined £20 million under GDPR (initially £183M proposed).
Brand took significant reputational hit in Europe.
Share price fell 4% initially, with further dips in Q3 results.
7.6 Colonial Pipeline (2021)
Industry: Energy
Incident: Ransomware shut down fuel delivery pipeline across Eastern US.
Impact:
Company paid $4.4 million ransom (partially recovered by FBI).
Caused national supply chain disruption and panic buying.
Accelerated White House executive orders on critical infrastructure protection.
Source: Case details compiled by Westbourne & Partners based on public company filings, SEC disclosures, IBM [5], Comparitech [26], Moody’s [7], Verizon [10], Yahoo Inc. [11], SolarWinds [9], and ICO [1].
Investor and M&A Implications
Cybersecurity has rapidly evolved from an operational IT issue to a board-level strategic concern with significant implications for investor relations and corporate transactions. This section outlines how cybersecurity posture and breach history affect investment decisions, credit ratings, and M&A valuations.
8.1 Investor Sentiment and Valuation Multiples
Investor Concerns: According to a 2023 Marsh & McLennan investor survey, 70% of institutional investors factor in cybersecurity maturity when valuing companies.
Valuation Adjustments: Firms with weak cyber governance or recent breaches often see 1–2x lower EV/EBITDA multiples.
Credit Ratings Impact: Moody’s downgraded Equifax’s outlook due to exposure from its 2017 breach, signalling the growing credit risk profile of cyber-affected companies.
Shareholder Activism: Increasing trend of investors pushing for cyber risk oversight on proxy ballots and ESG scorecards.
8.2 M&A Deal Structures and Due Diligence
Cyber Due Diligence: Now considered a core part of M&A due diligence. Private equity and strategic buyers employ third-party cyber assessments before closing.
Deal Repricing: The Yahoo-Verizon deal was discounted by $350M post-disclosure. Similarly, cyber issues led to delays or terminations of several transactions.
Warranty and Indemnity Insurance: Cyber risk exclusions are becoming common in W&I policies, making disclosures and cyber maturity assessments critical.
Regulatory Influence: SEC’s 2023 rules require disclosure of “material” cyber incidents and governance practices in 10-K filings, increasing buyer scrutiny.
8.3 Cybersecurity in ESG Ratings
ESG Integration: Cybersecurity is now a key sub-component of the “G” in ESG.
Rating Agency Practices: MSCI, Sustainalytics, and ISS incorporate cyber practices in ESG scores. A firm’s breach history, CISO reporting line, and incident response capability are rated.
Investor Screens: Pension funds and sovereign wealth funds in Canada, Nordics, and the Middle East use cyber resilience as a pre-condition for investment.
Source: Investor and M&A insights compiled by Westbourne & Partners based on Marsh & McLennan [6], Moody’s [7], S&P Global [8], SEC [13], Verizon [10], Yahoo Inc. [11], and publicly available ESG rating methodologies.
Strategic Recommendations
Drawing on the global data, case studies, and industry insights presented in this report, we propose the following strategic recommendations for CFOs, board directors, CISOs, and institutional investors aiming to mitigate valuation risk and turn cybersecurity into a competitive advantage.
9.1 For Boards and CFOs
Treat Cyber Risk as Financial Risk: Integrate cybersecurity into enterprise risk management (ERM) dashboards, financial disclosures, and board agendas.
Enhance Reporting Structures: Ensure the CISO reports functionally to the CEO or CFO and regularly presents at board risk committees.
Invest in Pre-Breach Readiness: Allocate budget for penetration testing, red team simulations, tabletop exercises, and incident response planning.
Quantify Cyber Exposure: Use financial stress-testing models to quantify cyber event impacts under various scenarios.
9.2 For CISOs and Security Leaders
Align with Business KPIs: Map cybersecurity metrics to business performance indicators such as uptime, revenue impact, and customer retention.
Engage Investors and Rating Agencies: Prepare narratives and data for ESG evaluations, credit reviews, and investor due diligence.
Adopt Cyber Risk Quantification (CRQ): Use frameworks like FAIR (Factor Analysis of Information Risk) to express cyber risk in monetary terms.
Prioritise Supply Chain Security: Conduct third-party risk audits and require vendor attestation to ISO 27001/SOC 2 or equivalent.
9.3 For Institutional Investors
Demand Transparency: Require portfolio companies to disclose cyber risk exposure, governance practices, and breach history.
Integrate Cyber into ESG Scoring: Leverage third-party scoring models and insist on minimum cyber hygiene thresholds.
Engage in Shareholder Advocacy: Support proxy proposals calling for cyber disclosures and board cyber expertise.
9.4 For M&A Advisors and Legal Teams
Embed Cyber into Deal Flow: Include cyber assessments in LOI and due diligence checklists.
Update W&I Coverage: Work with insurers to tailor cyber warranties, exceptions, and post-deal monitoring.
Audit Disclosure Protocols: Ensure target companies follow modern incident disclosure norms to avoid post-acquisition liabilities.
Conclusion
This report has demonstrated that cybersecurity is no longer a peripheral IT concern but a board-level financial imperative. The empirical data shows clear correlations between cyber incidents and both short-term market reactions and long-term valuation consequences. With over 50 high-profile case examples, we have shown how breaches can result in billions in shareholder value erosion, deal repricing, and reputational damage that can persist for years.
As digital transformation accelerates, Artificial Intelligence becomes smarter, and cyber threats grow in sophistication, firms must evolve their governance models to treat cybersecurity as a strategic lever. Those who continue to underinvest or fail to disclose material risks face increasing pressure from regulators, institutional investors, and credit rating agencies.
The future of competitive advantage lies in resilience. The firms that embed cybersecurity into their enterprise risk frameworks, M&A protocols, and investor communications will not only mitigate downside risk but attract capital, retain customers, and differentiate themselves in the eyes of stakeholders.
Ultimately, cyber maturity is now a proxy for management quality, strategic foresight, and long-term value creation. It is time for CFOs and boards to lead the charge.
Bibliography
[1] British Airways, 2020. GDPR Enforcement Action. [online] Available at: https://ico.org.uk [Accessed 15 May 2025].
[2] Capital One, 2020. Annual Report 2020. [online] Available at: https://www.capitalone.com [Accessed 10 May 2025].
[3] Cisco, 2024. Cybersecurity Threat Trends. [online] Available at: https://www.cisco.com [Accessed 12 May 2025].
[4] Equifax Inc., 2019. Form 10-K Annual Report. [online] Available at: https://investor.equifax.com [Accessed 15 May 2025].
[5] IBM, 2023. Cost of a Data Breach Report 2023. [online] Available at: https://www.ibm.com/reports/data-breach [Accessed 15 May 2025].
[6] Marsh & McLennan, 2023. Cyber Risk Perception Survey. [online] Available at: https://www.marshmclennan.com [Accessed 11 May 2025].
[7] Moody’s Investors Service, 2019. Credit Ratings and Cyber Risk. [online] Available at: https://moodys.com [Accessed 12 May 2025].
[8] S&P Global, 2023. Cybersecurity and Credit Ratings: Increasing Materiality. [online] Available at: https://spglobal.com [Accessed 14 May 2025].
[9] SolarWinds, 2021. SEC Filing: Security Incident Disclosure. [online] Available at: https://investors.solarwinds.com [Accessed 13 May 2025].
[10] Verizon, 2017. Press Release on Yahoo Acquisition. [online] Available at: https://www.verizon.com/about/news/yahoo [Accessed 15 May 2025].
[11] Yahoo Inc., 2016. Security Notice on Breach Disclosure. [online] Available at: https://www.yahooinc.com/security-update [Accessed 14 May 2025].
[12] Zellis, 2023. MOVEit Vulnerability Incident Disclosure. [online] Available at: https://www.zellis.com [Accessed 10 May 2025].
[13] SEC, 2023. Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule. [online] Available at: https://www.sec.gov [Accessed 13 May 2025].
[14] World Economic Forum, 2024. Global Cybersecurity Outlook 2024. [online] Available at: https://www.weforum.org [Accessed 15 May 2025].
[15] FTI Consulting, 2023. Cybersecurity in M&A: The New Due Diligence Frontier. [online] Available at: https://www.fticonsulting.com [Accessed 28 May 2025].
[16] Deloitte, 2023. Cyber Smart: The Growing Importance of Cybersecurity in the Middle East. [online] Available at: https://www2.deloitte.com [Accessed 28 May 2025].
[17] PwC Middle East, 2024. Cybersecurity and ESG: Investor Expectations in the GCC. [online] Available at: https://www.pwc.com/m1 [Accessed 28 May 2025].
[18] World Economic Forum, 2024. Global Risks Report 2024. [online] Available at: https://www.weforum.org/reports/global-risks-report-2024 [Accessed 28 May 2025].
[19] Microsoft, 2024. Digital Defense Report 2024. [online] Available at: https://www.microsoft.com/security/blog/digital-defense-report [Accessed 28 May 2025].
[1] Accenture, 2023. State of Cybersecurity Resilience 2023. [online] Available at: https://www.accenture.com [Accessed 28 May 2025].
[2] Deloitte, 2023. Cyber Smart: The Growing Importance of Cybersecurity in the Middle East. [online] Available at: https://www2.deloitte.com [Accessed 28 May 2025].
[3] PwC Middle East, 2024. Cybersecurity and ESG: Investor Expectations in the GCC. [online] Available at: https://www.pwc.com/m1 [Accessed 28 May 2025].
[4] Microsoft, 2024. Digital Defense Report 2024. [online] Available at: https://www.microsoft.com/security/blog/digital-defense-report [Accessed 28 May 2025].
[5] Accenture, 2023. State of Cybersecurity Resilience 2023. [online] Available at: https://www.accenture.com [Accessed 28 May 2025].
[6] World Economic Forum, 2024. Global Risks Report 2024. [online] Available at: https://www.weforum.org/reports/global-risks-report-2024 [Accessed 28 May 2025].
[7] Comparitech, 2023. How data breaches affect stock market share prices. [online] Available at: https://www.comparitech.com/blog/information-security/data-breach-share-price-analysis/ [Accessed 2 Jun 2025]
[8] Privacy Rights Clearinghouse, 2023. Chronology of Data Breaches. [online] Available at: https://privacyrights.org/data-breaches [Accessed 2 Jun 2025].
[9] Risk Based Security, 2022. 2022 Year End Data Breach QuickView Report. [online] Available at: https://www.riskbasedsecurity.com [Accessed 2 Jun 2025].
[10] Have I Been Pwned, 2023. Breach Archive. [online] Available at: https://haveibeenpwned.com [Accessed 2 Jun 2025].
Identity Theft Resource Center, 2023.Annual Data Breach Report.[online] Available at: https://www.idtheftcenter.org [Accessed 2 Jun 2025].
8-June-2025