The cost of a data breach isn’t just from time spent fixing the issue and dealing with bad publicity. A company that loses customer data to hackers can expect to see its share price fall by an average of 5 percent, while losing between two and three percent of their customers.

That’s according to a new Ponemon study commissioned by Centrify Corp., which sells identity services and security solutions to enterprises. The study looked at the share price of 113 companies that had lost customer data, from 30 days before their breaches were made public until 90 days after it became known.

Those companies saw about 5 percent wiped off of their share price within a few hours of the news going public. On average it took them 45 days to recover those losses, though there was a marked difference between those firms seen as taking a strong stance on security and those viewed as careless. Companies that responded quickly to the breach generally saw their share price recover within seven days, but those with a weak response were still struggling to recover after 90 days. That highlights a need for organizations to be upfront and honest about what they’re doing to mitigate such incidents and prevent them from happening again, the study’s authors said.

The same companies lost between 2 and 5 percent of their customers following a data breach, Ponemon’s study found. That equates to a big financial hit, as the average annual revenue from those losses falls between $2.7 million and $4 million.

Ponemon’s study also quizzed three groups of people, including 292 chief marketing and communications officers, 313 information technology security professionals and 405 consumers. It found that just over half of those consumers said they had been informed by a company or government agency that their personal data had been stolen during a breach in the last two years. The study found that most consumers (76 percent) believe companies have a responsibility to safeguard their data, but just 46 percent of chief marketing officers and 44 percent of IT personnel agreed.

The study also highlights how consumers often misplace trust in certain industries. For example, just 24 percent of consumers have faith in credit card companies to protect their data, compared with 68 percent who said the same about healthcare firms. But in reality, credit card organizations are much more secure, accounting for just 4.8 percent of data breaches, compared with healthcare, which accounts for a massive 34 percent of such incidents.

Some disparities in the survey results do raise questions about its accuracy, however. Most notably, 40 percent of IT professionals interviewed said they had seen a data breach at their company involving the loss of more than 1,000 customer records or other business information in the last two years. Yet only 23 percent of CMOs and communications staff agreed, suggesting that either the sampling was skewed or that some are not being entirely honest.

Image: Christoph Scholz/flickr.com