Companies underreporting ransomware attacks means investors need outside tools and analysis to assess likelihood of breach and potential financial impact


The Europol ‘Internet Organized Crime Threat Assessment (IOCTA) 2020’ report calls Ransomware the most dominant cyber threat facing organizations, and points out that the reluctance of many victims to report attacks due to a desire to avoid reputational damage is causing difficulty for authorities to both accurately measure the scale of the threat, as well as to identify, investigate and respond effectively to breaches.

Europol also highlights the significant vulnerabilities posed to supply chains by attacks on third-party service providers, and that these companies feel under particular pressure to avoid operational disruptions that would ripple across their customer network.



The reluctance of companies to report Ransomware attacks is a problem for investors, regulators and other stakeholders, as the financial damage that can be caused by these attacks is material. Companies are required by regulations to publicly report financial metrics to investors and regulators, so that those groups can monitor and assess the company’s prospects. If a company’s factory burns down, a detailed investigation would take place so that the cause of the fire can be identified and lessons can be learned about how to prevent a future fire from starting, and how to prevent it from spreading to minimize damage. Considering the damage that a ransomware attack can cause, similar disclosures are warranted.

However, as long as companies remain reluctant to report breaches and regulations allow them to maintain this secrecy, investors need outside tools to help them assess a company’s vulnerability to cyber breach and its ability to respond effectively and minimize the operational and financial damage from an attack. In broad terms, investors need tools to help them categorize companies as ‘strong’ or ‘weak’ in cyber governance, to help them assess the companies’ future prospects. And similar to how companies’ market valuations are impacted by whether they are categorized by investors as ‘growth’ or ‘value’, Cyberhedge has found that companies’ market performance is also impacted by whether they are leaders or laggards in cyber governance.

The Cyberhedge Cyber Governance Indices prove that cyber governance impacts shareholder value. YTD performance of 5-Star and 1-Star companies in these indices since the lockdown confirm that the management of technology, including cyber risk, now has even greater bearing on market performance as top companies (rated 5-Star) across all sectors outperform while poorly rated 1-Stars dramatically underperform. This dynamic of market outperformance of the highest rated companies has been consistently shown by the Cyberhedge Cyber Governance indices since their launch in December 2016

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website