Wednesday’s news of a massive data breach at tech giant Microsoft (MSFT) might not seem like a good omen. After all, information on a quarter of a billion of the company’s customers got exposed online with no password protection.
That’s certainly not good.
But what might be beneficial is a potential opportunity for investors to make some money. At least that’s the theory based on an analysis of other public companies that got hit by hackers.
Ge ready for the post-hack bounce
In simple terms, traders with nerves of steel should now buy stock in Microsoft.
Why? History tells us there’ll be a substantial post hack bounce in the stock.
In the days after a major security breach hits the headlines, stocks of hacked companies will tend to outperform the market, according to a recent study at a peer-reviewed journal.
“In general, in the period following the breach announcement, the CARs [cumulative abnormal returns] are typically positive and increasing,” states the paper titled “Do security breaches matter? The shareholder puzzle.” It was published by the Journal “‘European Financial Management.”
The term ‘cumulative abnormal returns’ refers to the risk-adjusted gains or loss a stock makes over a given period. If the CAR is positive then that means the stock buyer made money over the period even taking risk into account.
The outperformance of these tends to last quite a while. “From immediately after the announcement in the media, over the next 10-20 days, the CRAs often reflect a significant increase in value,” the report states.
The mean extra return during the weeks after the media coverage surpassed 4%, for technology companies, according to the report. For chain stores, the figure averaged 6%, while for banks, it was 3%.
Note carefully, these figures on gains are based on averages, says Prof Allen Michel, a professor at the Questrom School of Business at Boston University. That means the extra return isn’t guaranteed and that some stocks may still have negative returns.
Why does this bounce happen?
When news of a company getting hacked hit the media, it usually comes side-by- side with a corporate pledge to beef up everything on data security matters.
Microsoft did it this time. Here’s part of the statement:
- “We want to sincerely apologize and reassure our customers that we are taking it seriously and working diligently to learn and take action to prevent any future reoccurrence.”
That and similar statements make any company look better relative to every other organization that isn’t making promises to shore up their cyber defenses, Michel says.
In other words, the promises tend to reassure investors who then pile back into the stock, driving the price higher.
Leakages?
There are some worrying findings from the study.
Notably, the hacked stocks typically saw a period of underperformance in the few days before a press report.
That reflects “a likely leakage of information,” the report states.
Or put bluntly, knowledge of hacks in general before they are public may be being used for nefarious purposes.
As well as Michel, the paper was researched and written by Israel Shaked, also from the Questrom School, as well as Jacob Oded at the Coller School of Management, Tel Aviv University. They studied data related to security breaches at public companies over the 12 years from 2005 to 2017.