EasyJet breach a one-off or evidence of a larger problem? The answer will tell investors how well or poorly the carrier is positioned to weather the COVID‑19 crisis


British low-cost carrier EasyJet (EZJ) disclosed a customer data breach that the company says impacted 9 million customers. A majority of the data stolen was reportedly email and physical addresses, but a smaller percentage of customers reportedly had credit card details stolen. EZJ first became aware of the breach in January.



This breach happens at a time when the carrier is already under immense financial strain due to the disruption to air travel amid COVID‑19. A customer data breach does not have the same negative financial impact on a company as an operational disruption like a ransomware attack, but the reputational and legal costs will not be insignificant for an organization already under financial pressure. EZJ is reportedly now under investigation by British authorities for violating the UK Data Protection Act and will likely contend with a potentially more costly GDPR fine as well.

More importantly, this breach could be evidence of larger structural weaknesses in the company’s cyber posture—a greater threat to EZJ’s future prospects. The airline was a relatively early digital adopter, advertising how digital transformation has improved operational efficiency and customer service. But poor cyber governance, including the poor management of digital technology, places pressure on the operating margins of companies—an area where EZJ already has persistently lagged behind key competitors like Ryanair (RYA). We wrote previously about how RYA’s poor cyber governance, a 1-Star rated company, poses a threat to the company’s industry-leading operating margins.

Since cyber governance impacts shareholder value, EZJ shareholders should focus on whether this breach was on-off incident or an indication of more serious structural cyber weaknesses. An easy way to do this is to know whether the company is outperforming or underperforming on cyber governance.

COVID‑19 is proving to be a great catalyst for separating winners from losers, and with our digital future being brought forward, cyber governance provides a predictive indicator of how well or poorly the company will manage through the crisis overall.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website