As British Airways faces 800 million pound class-action suit, investors should be asking what steps C‑suite has taken to improve security


British Airways (BA) is now on the receiving end of the largest privacy class action lawsuit in UK history stemming from the airline’s massive 2018 data breach. The carrier admitted to the breach of personal and financial data for 400,000 customers.

Though British Airways was fined 20 million pounds by the UK privacy watchdog last year, this lawsuit is in the amount of 800 million pounds. UK authorities previously found BA’s security measures to be lax, “exposing customer data unnecessarily”.



Such a lawsuit could not come at a worse time for a carrier trying to chart a path to recovery amid the pandemic-induced travel slump. Data and the company’s digital technology are the most valuable resources BA has, and it failed to adequately protect it, evidenced by the breach.

Though 800 million is a massive figure for any company and the breach possibly had a negative impact on customer churn, it still does not rise to the level of financial and economic cost associated with a business interruption like ransomware. Consider the charges incurred by ISS World for its February 2020 breach—something the company is still reckoning with. 6 months post-breach, the share price was −21% relative to peers, and the ransomware’s financial impact led to a 33% drop in annual operating income.

This lawsuit is sure to draw attention from shareholders, but investors should be more focused on what steps company management has taken to reduce the likelihood of a similar breach in future. One step further, investors should be asking what steps have been taken to reduce the likelihood of a business interruption event that could prove far more costly for the carrier.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website