Cyberhedge ratings accurately predict ransomware attacks

A few weeks ago we highlighted how cyber governance has been a market difference maker for companies across all sectors since the pandemic. Here is the difference knowing good versus bad digital transformation has made over the last four years: $100 invested in the Russell 3000 four years ago is worth $148. $100 invested in CBH Indices in the US four years ago is worth $189 today. $100 invested in the Europe Stoxx 600 four years ago would have provided a flat return of $100 today while $100 invested in the CBH Indices in Europe four years ago is worth $167 today.

This outperformance is due to the fact that we have accurately picked winners and losers within every industry sector across every global market. It is not due to overweighting sectors that have outperformed, or underweighting sectors that have underperformed. This outperformance is consistent within each sector. Unique in a cyber industry full of buzzwords and intentional ambiguity, we explain what we do, make predictions and publish our results every month. Why? Because Cyberhedge believes that cyber risks should be measured against transparent, verifiable, market-based results.

When Cyberhedge places a 1 (worst) to 5 (best) rating on a company, we make a prediction on what direction the company’s share price will move, up or down, in the future, relative to other companies within its sector, based on how well or poorly it is managing its technology. Our ratings are based on a combined set of cyber and financial factors that impact a company’s performance—unlike any other ratings or cyber risk assessment firm in the world. The significant outperformance of the Cyberhedge indices prove that these predictions (and underlying assessments) are accurate. But why would cyber factors tell something about how well or poorly a company will perform in the market? For the same reason company financials can help predict how a company will perform in the future.

Analyzing the right mix of cyber factors provides another lens on how a company is operating. Combined with the right mix of financial factors—our CyFi™ (cyber-financial) analysis—Cyberhedge ratings provide a valuable and market-proven view into the future for customers, especially during times of significant volatility.

The Cyberhedge indices correctly predict the financial impact of technology management, but how do our ratings hold up against actual breach events?

Indiced Performance YTD

The below list is a collection of some of the most significant cyber-attacks over the past 18+ months, most of which are ransomware incidents. Cyberhedge highlights ransomware attacks because they are the fastest growing and by far the most financially damaging form of breach. They grew 100% YoY in the first half of 2020 and inflicted far and away the most acute financial pain of any form of attack. ISS, Travelex and Pitney Bowes are instructive examples of ransomware’s downside risk.

Breach Timeline

These companies were rated as 1-2 Star underperformers at the time of their breaches. Analysis shows that 1 and 2-Star rated companies are much more likely to experience financially damaging breaches than 4 and 5-Star rated peers. These are the same ratings that power the Cyberhedge Indices. They accurately predict the up and down movement in a company’s share price and tangible events impacting actual company networks, operations and investor portfolios.

The ratings accurately predicted breaches from sectors ranging from industrials and consumer discretionary to financial services, across every major global market.

But are we overstating the financial importance of ransomware?

Though ransomware has received elevated attention in 2020 and cybersecurity risk has crept up the rankings of business executives’ greatest concerns, the following response is still common: “yes, a breach hurts in the days and weeks after, but does it really matter?”

In short, yes, breaches do matter, and the chart below shows just how much in the form of equity price performance in the 3 months following these breaches.

Ransomware list

In summary, breaches matter to:

  • Shareholders: The average shareholder value loss of all of the above companies that experienced ransomware attacks = −24%. Some companies (Finablr) do not recover at all, others have yet to recover (PBI, Norsk Hydro), and others (ISS) are still early in their costly recoveries, months after their breaches.
  • Company financials: Ransomware was a prime contributor to the Finablr bankruptcy. It cost Pitney Bowes 14% of its annual operating income. To date it has cost ISS 33% of annual operating income and was followed by the exit of Group CEO Jeff Gravenhorst.

Debt markets: Companies with poor Cyberhedge CyFi™ (cyber-financial) 1-2 Star ratings are 2.5x more likely to experience a debt downgrade than companies with similarly poor financials, but better overall Cyberhedge CyFi™ (cyber-financial) ratings.


Average shareholder value loss of all of the above companies that experienced ransomware attacks


Drop in operating income for ISS post breach (as of August)


Companies with poor Cyberhedge CyFi™ (cyber-financial) 1-2 Star ratings are 2.5x more likely to experience a debt downgrade than companies with similarly poor financials, but better overall Cyberhedge CyFi™ (cyber-financial) ratings.

Bottom Line: With Cyberhedge ratings, investors better anticipate which companies in their portfolios are more and less likely to experience financially damaging breaches. They can better project whether companies will go up or down in equity value based on how well or poorly they are managing their technology—which has been the primary factor driving company outperformance or underperformance since the pandemic. And the C-suites of companies that receive our assessments have credible, real-time, market-validated insights—not guess work or arbitrary numbers—into how they are actually navigating technology risk.

In increasingly volatile markets, with digital technology ever more critical to any company’s future growth, there is a proven tool for lowering financial risk built for the future economy.

For more information, including company coverage, contact us at

This information represents Cyberhedge’s opinion only and is not investment advice or an investment recommendation. See full Disclaimer.

Subscribe to know first
who is up and who is down

This article is one in a series of upcoming articles over the coming months focused on why since COVID-19 the difference between best and worst technology governance has never been more important for companies and investors alike.


Check your e-mail to confirm subscribtion

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website