Companies gave CEOs a pay rise while cutting dividend payments and research and development investment in the wake of a data breach, analysis by researchers atWarwickBusiness School has revealed.\nScrutinising 41 publicly listed US companies that had suffered from data breaches (reported in the media), the researchers discovered affected business tended to increase pay to top brass in the five years that followed. Affected companies were also no more likely to fire their chief executive.\n \nBy comparison, the average CEO pay at firms that were not targeted by hackers fell by more than $2 million per year over the period studied (2004 to 2016).\n \n\u201cFirms that suffer a databreachdo not typically respond by firing the management, but by investing more in the existing CEO. At first sight, these results may look puzzling,\u201d said Dr Daniele Bianchi, assistant professor of finance atWarwick.\n \n\u201cHowever they are consistent with the idea that the average response is to invest more in the management to address possible structural flaws, as well as maintaining the integrity of the firm in response to the reputational damage it has suffered,\u201d she added.\n \nThe research, detailed inyet-to-be-published paperCyber Attacks and Stock Market Activity, also found that \u201caffected firms tend to pay less dividends and invest less in RD\u201d after suffering a breach.\n \n\u201cIncidents of securitybreachesthat reveal sensitive and confidential information can lead to litigation and government sanctions, but also to a loss of competitive edge against competitors through a reduction of resources dedicated to RD, dividend payments, or investments more generally,\u201d said co-author Dr Onur Tosun.\n \nThe researchers\u2019 analysis found reports of breaches \u2013 be they the result of stolen hardware, insider attacks, poor security or hacking \u2013 did lead to a stock market \u201cshock\u201d as investors rushed to sell their shares.\n \n\u201cThe main results show that daily excess returns drop, trading volume increases, and liquidity deteriorate upon the public disclosure of first-time corporate hacking events. The evidence suggests that trading volume increases due to selling pressure,\u201d the researchers write.\n \nThe shock selling, however, \u201cfails to incorporate the actual effect of security breaches on firms\u2019 profitability and cash-flows\u201d the researchers added.\n \nTypically the shock \u201cvanished after just two days\u201d.\n \nThe paper points to the example of Sony Pictures, andthe 2014 hackon the company which resulted in a massive amount of the company's internal documents and data being dumped on the Internet and a large number of its computers having their files wiped.\n \nShares plunged more than 10 per centimmediately after the attack, buta year laterwere up nearly 25 per cent. \n \n\u201cInterestingly, the empirical results show that the impact of security breaches is much weaker in the longer-term, which somewhat contradicts the conventional wisdom that hacking events have some sticky influence on companies\u2019 reputation and growth prospects,\u201d the researchers write.\n \nCyber incidents are not without cost to affected companies, of course.The potential direct economic loss of cybersecurity incidents \u2013 defined as tangible losses in revenue, decreased profitability and fines, lawsuits and remediation \u2013 on Australian businesses is AU$29 billion per year,according toa Microsoft commissioned report by Frost Sullivan.\n \nIBM'sCost of a Data Breachstudy for 2018reports the global average cost of a data breach is up 6.4 per cent over the previous year to US$3.86 million. The average cost for each lost or stolen record containing sensitiveinformation also increased by 4.8 per centyear over year to $148, according to the study.