Businesses can face any number of threats, as the coronavirus pandemic has reminded us. Demand can fall or supply chains can falter, but those kinds of threats have always existed.
The first reported ransomware attack happened in 1989, but the threat of these hacks has exploded in recent years, catching many companies — and investors — off guard. Ransomware is a form of cyberattack. The typical result is malicious people making some part of a company’s digital infrastructure unusable and demanding a ransom to fix the problem. The impacts can be far-reaching, especially if a company has to halt production to address the hack.
To get an idea of how investors react to these cyberattacks, MagnifyMoney researchers examined trade volume across 10 public companies that have announced ransomware attacks in the past few years. After these companies broke the news, trade volume jumped as much as 733%, but the stock price data perhaps shows such fervent reaction is unwarranted.
American consumers often take action when something on the news shocks or otherwise affects them. Reports of natural disasters or crime can spur donations or awareness campaigns, for example. And, according to MagnifyMoney research, reports of ransomware attacks can inspire stock market moves.
Among a sample of 10 public companies that announced these cyberattacks between 2018 and 2021, trade volume increased by 118%, on average, on the day of the announcements. Three of the companies examined saw trade volume jump by more than 100%, with the biggest change affecting Canadian communications equipment manufacturer Sierra Wireless, which saw a 733% increase in trade volume the day it announced on March 23, 2021, that it suffered a ransomware attack days earlier.
For some of the companies examined, trade activity decreased after their attack announcement. Greeneville, Tenn.-based shipping and freight logistics company Forward Air saw a 76% drop in trade volume after its cyberattack in December 2020.
Company | Stock ticker | Stock trade volume on day before announcement | Stock trade volume on day of announcement | Stock trade volume change | Stock trade volume change a week later |
---|---|---|---|---|---|
Sierra Wireless | SWIR | 144,000** | 1,200,000 | 733% | -88% |
WestRock | WRK | 1,185,713** | 2,991,997 | 152% | -20% |
Pitney Bowes | PBI | 2,719,650 | 5,782,935 | 113% | -72% |
Stride | LRN | 471,988** | 830,905 | 76% | -38% |
EMCOR | EME | 492,021 | 810,915 | 65% | -59% |
Carnival | CCL | 20,937,072** | 33,330,568 | 59% | 69% |
Dixie Group | DXYN | 54,786** | 80,539 | 47% | -29% |
Labcorp | LH | 390,327** | 442,146 | 13% | 48% |
Cognizant | CTSH | 5,052,631 | 4,955,549* | -2% | -13% |
Forward Air | FWRD | 458,104** | 110,237 | -76% | -100% |
*Ransomware attack was announced on Saturday, so day-of volume is from following Monday**Ransomware attack was announced on Monday, so day-before volume is from previous Friday
Every decision to buy or sell stocks comes with some level of risk, but the uncertainty introduced by a ransomware attack could make some investors apprehensive.
MagnifyMoney senior economic analyst Jacob Channel says these attacks don’t necessarily add risk to investment decisions.
“Investing in a company that is currently dealing with ransomware isn’t inherently riskier than investing in another company,” he says. “Ultimately, a company’s fundamentals are more likely to drive its long-term stock price up or down than a one-off ransomware attack is.”
It’s somewhat reasonable to think something like a ransomware attack may have a lasting impact on a company’s stock performance. However, stock prices data from the companies MagnifyMoney analyzed show these attacks may not largely hurt company performance.
Despite such a dramatic increase in trade volume, stock prices across the companies analyzed only fell by an average of 3% on the day the attacks were announced. A week after these announcements, prices were down by only an average of 1%, implying that if the attack and subsequent news impacted a company’s stock price, it didn’t last.
The stock price of Sierra Wireless — which saw the biggest trade volume jump among the companies analyzed — fell the most, dropping 12% the day it revealed its attack. A week later, the price was down only 4% from before the attack.
Just one company analyzed — Stamford, Conn.-based Pitney Bowes, an e-commerce and shipping technology company — saw its stock price rise after ransomware announcements. Pitney Bowes’ stock price jumped 7% the day it went public about its attack. A week later, its stock ended up dropping 7% below its price the day news of the attack broke. In fact, its stock price was just one cent off its price before the attack was announced.
Company | Stock price on day before announcement | Stock price on day of announcement | Stock price % change on day of announcement | Stock price a week after announcement | Stock price % change a week after announcement |
---|---|---|---|---|---|
Pitney Bowes | $4.93 | $5.28 | 7% | $4.92 | -7% |
Labcorp | $187.21** | $186.44 | 0% | $188.27 | 1% |
EMCOR | $79.12 | $78.39 | -1% | $77.83 | -1% |
Forward Air | $78.20** | $76.99 | -2% | $76.35 | -1% |
Stride | $23.75** | $23.33 | -2% | $22.14 | -5% |
Cognizant | $53.81 | $52.53* | -2% | $56.04 | 7% |
Dixie Group | $3.82** | $3.64 | -5% | $3.36 | -8% |
Carnival | $15.47** | $14.68 | -5% | $16.14 | 10% |
WestRock | $46.67** | $44.12 | -5% | $41.41 | -6% |
Sierra Wireless | $17.32** | $15.25 | -12% | $14.59 | -4% |
*Ransomware attack was announced on Saturday, so day-of price is from following Monday**Ransomware attack was announced on Monday, so day-before price is from previous Friday
Channel emphasizes the importance of looking at companies more holistically to make stock decisions rather than reacting to the news.
“The biggest threats to stock prices and profits are more likely to come from things like poor management or a lack of consumer demand,” Channel says. “As a result, it probably makes more sense for investors to worry less about ransomware attacks and more about things like whether a company is growing or making money.”
Further, a recent MagnifyMoney survey found 66% of investors who have made impulsive or emotional investing decisions — perhaps like the choice to sell company stocks in reaction to a ransomware attack — ended up regretting the decision.
Regardless of the impact, ransomware attacks appear to be happening more frequently than ever. Just six years ago in 2015, an investor could count on two hands the number of SEC filings that mentioned the term ransomware — eight. By 2021, that number had risen to 4,668 — and that’s just in the first eight months of the year.
Though company stock prices may not take a hit in response to these cyberattacks, companies recognize that security breaches are a growing threat.
Within the SEC filings, the most common forms in the first eight months of 2021 in which ransomware is referenced are 10-K annual reports (952 times) and 10-Q quarterly reports (697). The SEC requires all public companies to file these forms each year — a 10-Q form for each of the first three quarters, then a 10-K at the end of the year — disclosing general company financial performance and any potential risks. S-1 general forms, which companies use to register with the SEC, made up 476 of the filings mentioning ransomware.
These mentions vary in scope but imply companies may cite ransomware attacks as a growing and continuous threat to which they’re becoming increasingly vigilant.
But in addition to these general warnings, the number of 8-K filings with the SEC — filed when something important happens to a business and shareholders need to be notified — is also on the rise. Companies have filed 383 of these forms in the first eight months of 2021. In all of 2020, 209 8-K forms referenced ransomware, so 2021 filings are already far ahead.
Though companies appear to be taking a proactive approach to ransomware attacks, consumers seem to be most interested when the attacks get personal. Researchers analyzed Google Trends data dating to 2015 to determine when people search the term ransomware.
Search interest peaked in May 2017, coinciding with the WannaCry ransomware attack, which impacted more than 230,000 Windows PC users. Consumers themselves may have had their computers affected by this scheme or felt the effects through disrupted services from companies impacted.
Despite this global attack, search volume around ransomware fell and stayed low in the months and years following. In May 2021, search volume peaked again as fuel pipeline operator Colonial Pipeline announced a ransomware breach. Though this attack targeted just one particular company, it happened to be the lifeline of East Coast commuting, supplying gas for both cars and airplanes. When Colonial Pipeline was forced to shut down to address the attack, consumers flocked to gas stations, draining supply and further driving up prices.
Given states on the East Coast may have been most affected by the Colonial Pipeline ransomware attack, it appears many consumers in those states wanted to know more about these attacks or perhaps sought information prior. Seven of the 10 states with the most Google searches for ransomware since 2015 are found in the Northeast.
However, the residents searching the internet about ransomware most frequently live in Maryland, the District of Columbia and Virginia, respectively. It’s plausible those in and around the nation’s capital are more interested in defense against these kinds of attacks, which can threaten national security.
Companies and individuals should stay alert to possible ransomware attacks and protect themselves to the best of their ability by taking basic cybersecurity measures like backing up their files and using multifactor authentication on devices and digital accounts.
As for investment decisions, there isn’t much you can do as an individual to ensure a company in which you’ve invested will avoid one of these attacks. But if you’re thinking about buying or selling stock in reaction to news about a company dealing with these hackers, use these tips:
MagnifyMoney analyzed Securities and Exchange Commission (SEC) filings and Google Trends data dating back to 2016 to analyze how businesses and consumers are reacting to the growing threat of ransomware.
Additionally, researchers analyzed data for 10 public companies that filed reports between 2018 and 2021 saying they had been victims of a ransomware attack. To assess how investors reacted to these announcements, analysts looked at trade volume the day before the announcement, the day of the announcement and one week later. Analysts also pulled stock price data for those same periods.
If a ransomware attack was announced on a Saturday, the day-of volume and day-of stock price are from the following Monday. If a ransomware attack was announced on a Monday, the day-before volume and day-before stock price are from the previous Friday.