Skip to main content
close search
site logo
Dive Brief

Data-breached companies face higher bank lending costs

Published July 27, 2021
Robert Freedman's headshot
Robert Freedman Lead Editor
A man looks at lines of code depicted on a computer screen
sestovic via Getty Images

Dive Brief:

  • Companies that suffer a data breach face a 22% higher loan spread and a 40-basis-point increase in borrowing costs on average, a study published in The Accounting Review finds.
  • Breached companies also tend to face a roughly 25% increase in loan covenants, say the researchers, Henry Huang, associate professor of accounting at Yeshiva University, and Chong Wang, assistant professor of accounting at Hong Kong Polytechnic University.
  • “Breached firms experience significantly higher increases in loan spread, the likelihood of collateral requirement, and [a higher] number of covenants,” the researchers say in the study, “Do Banks Price Firms’ Data Breaches?”
  • These costs come on top of the other consequences breached companies face, including costs for notifying customers, remediating the damage and fighting lawsuits.  

Dive Insight:

The study is based on a look at 1,081 bank loans to publicly traded companies over roughly a dozen years. 

Although the higher lending costs apply to breached companies across the board, the negative impact is worse for companies in what the researchers consider vulnerable industries, including healthcare, business services and transportation.

The impact is also made worse based on the number of customers impacted and whether the breach stemmed from a criminal hacking or an employee mistake. 

What’s more, the impact tends to be worse for companies with a reputation for strong internal controls. That's because the breach forces banks to make a greater adjustment in their risk assessment of the company than they otherwise would have.

“Banks have high expectations for firms with a strong IT reputation and significantly adjust their risk assessment of these firms following data breaches,” the researchers say.

Notwithstanding the fallout, companies that remake their internal controls into a best-in-class system might be able to reduce the impact on their borrowing costs. 

HEI Hotels & Resorts, for example, engaged outside data forensic experts after it was hit with a data breach in 2016. It also transitioned its payment card processing to stand-alone systems, and it reconfigured its point-of-sale and payment card processing systems. 

“This piece of anecdotal evidence suggests that a breached firm might be able to improve its information system shortly post-breach through a series of corrective actions, thereby mitigating some of the adverse consequences,” the researchers say.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Cybrid Responds to Market Demand for Stable, Efficient Cross-Border Payments with Enhanced Sta…
From Cybrid
November 20, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell