S2ERC Project: Market Implications of Data BreachesAuthors: Russell Lange and Dr. Eric BurgerDate: 16 December 2016AbstractThis report assesses the impact disclosure of data breaches has on the totalreturns and volatility of the affected companies’ stock, with a focus on theresults relative to the performance of the firms’ peer industries.

Table of Contents:Data Breaches and Leaks . . . 2Executive Summary . . . 2Dataset Composition . . . 3Analysis Method & Process . . . 5Output . . . 6Case Studies . . . 10Conclusions . . . 12Further Research . . . 13Acknowledgements . . . 13Appendices . . . 14Works Cited . . . 19Market Implications of Data Breaches 1

Data Breaches and LeaksAn Increasingly Common Cost of Doing BusinessAverage Cost per LeakedRecord: 158Average Cost per DataBreach: 4,000,000Inline with an increasingly connected and digital business environment, the incidence of cyber-attacksand consequences of data breaches has been growing. Research from Threatmetrix shows that thevolume of cyber-attacks is up 50% from the 2nd Quarter of 2015 through the 2nd Quarter of 2016, withthe greatest increase occurring in the rapidly growing financial technology industry within the largerfinancial services sector1. E-commerce remains a popular target for cybercriminals, with 69 millionattacks in the 2nd Quarter of 2016 alone2, according to ThreatMetrix (with each fraudulent accessattempt characterized as an attack). Along with the volume of cyber-attacks are increased costs to thecompanies affected by the breaches, as IBM’s Ponemon Research cites an increase in average costdue to a data breach increasing 5.5% from 3.79 million to 4.00 million from 2015 to 2016, with theaverage cost per stolen or leaked record increasing from 154 to 168 in the same period3. While costsare rising, research from Mandiant shows that the average number of days from breach to discoveryhas been reduced from 416 days in 2012 to 146 in 20164. While 146 days is still just under 5 monthsof unnoticed intrusion, the trend is encouraging, as the time to discovery greatly increases the cost ofa data breach.Costs associated with data breaches include investigative teams, announcement to consumers, legalconsequences, damaged systems, and disruption of business. While the average expense related to abreach is on average 4.0 million, the costs for major breaches can total tens of millions of dollars, asevidenced by Global Payments’ disclosure in 2013 of 121.2 million in direct costs related to a breachof data for 10 million credit cards5. Target similarly disclosed 162 million in breach-related costsfollowing their highly public 2014 breach6; Heartland Payments’ disclosed 129 million7. The highestcosts correlate to the larger and more sensitive breaches of information, and are typically more publicin disclosure due to the large scope. Concerns over privacy, disclosure, and emphasis on transparencyhas led to 2015 featuring the most publicly disclosed data breaches in history, according to Mandiant8.The Investor’s PerspectiveDisclosures from companies are intended to allow consumers to protect their information by closingtheir credit cards, changing their passwords, and monitoring their accounts for fraudulent transactions,but it also signals to the broader market hurdles that the announcing company faces. Breaches havebeen demonstrated to be highly costly, and included in the costs that must be considered are thedamage to the company’s brand and loss of business. While research has been conducted on the directand indirect costs to businesses associated with data breaches, less research has focused on thefinancial ramifications for investors in these breached companies. From a financial perspective, arational investor theoretically values a company based on the expected future cash flows of thecompany, which are affected by changes in revenues and expenses. A breach will typically lead tolarge, one-time or recurring legal expenses, administrative expenses, and potentially decreasedrevenues through loss of customers or disruption in business operations. Should an investor considerthese significant, the investor would either sell or sell-short the stock of companies that disclose abreach.Breach Instances Assessed:64Average Number of LeakedRecords per Breach:30,000,000In this report, the effects of data breaches were assessed as they relate to companies’ stock prices,performance relative to their peer indices, the volatility of their equity relative to their peers, and theircorrelation to their peers in the changes in their volatility. In all metrics assessed, the null hypothesiswas that the disclosure of a data breach by a publicly traded company had no impact on the stock priceor volatility of the company’s underlying equity. The goal of the research was to assess whether, in theevent of a data breach, an investor should act on the news or ignore the noise.Executive SummaryKey Findings While the difference in stock price between the sampled breached companies and their peerswas negative (-1.13%) in the first three days following announcement of a breach, by the 14th1ThreatMetrix, Q2 2016 Cybercrime Report, 2016ThreatMetrix, Q2 2016 Cybercrime Report, 2016Ponemon Institute, 2016 Cost of Data Breach Study: Global Analysis, 20164Mandiant Consulting, M-Trends 2016, 20165Global Payments, 2013 Form 10-K, 20136Target, Form 10-K, 20157Heartland Payments, 2009 Form 10-K Annual Report, 20108Mandiant Consulting, M-Trends 2016, 201623Market Implications of Data Breaches 2

day the return difference had rebounded to 0.05%, and on average remained positivethrough the period assessed.For the differences in the breached companies’ betas and the beta of their peer sets, thedifferences in the means of 8 months pre-breach versus post-breach was not meaningful at90, 180, and 360-day post-breach periods.For the differences in the breached companies’ beta correlations against the peer indicespre- and post-breach, the difference in the means of the rolling 60-day correlation 8 monthspre-breach versus post-breach was not meaningful at 90, 180, and 360-day post-breachperiods.In regression analysis, use of the number of accessed records, date, data sensitivity, andmalicious versus accidental leak as variables failed to yield an R2 greater than 16.15% forresponse variables of 3, 14, 60, and 90-day return differential, excess beta differential, androlling beta correlation differential, indicating that the financial impact on breached companieswas highly idiosyncratic.Based on returns, the most impacted industries at the 3-day post-breach date were U.SFinancial Services, Transportation, and Global Telecom. At the 90-day post-breach date, the3 most impacted industries were U.S. Financial Services, U.S. Healthcare, and GlobalTelecom.Dataset CompositionBreaches, Ticker, & Announcement DateThe analysis began with a dataset of 235 recorded data breaches dating back to 2005. The samplewas reduced to 64 incidents, which represented breaches of companies that were publicly traded atthe time of the breach and had sufficient financial data and pricing data publicly available for analysis.Broker/DealersTD AmeritradeAmeritrade Inc.Softw areAdobeBlizzardHealthcareAnthemCommunity Health SystemsInsuranceTriple-S SaludHealth NetGlobal TechnologySegaSony PicturesSony Online EntertainmentSony PSNTransportationBritish Airw aysUPSFinancialsExperianJP Morgan ChaseCitigroupRBSBNY MellonNASDAQGlobal PaymentsHeartlandCheckFree CorporationFidelity National Information ServicesGlobal TelecomTalkTalkKT Corp.VodafoneT-MobileU.S intendoUbiSoftFacebookYahoo JapanAppleYahoo VoicesIBMMonster.comHew lett PackardConsum er DiscretionaryWendy'sVTechTw itch.tvStaplesHome DepotDominos Pizzas (France)EbayTargetZapposWashington PostHonda CanadaStarbucksGap IncTK / TJ MaxxU.S TelecomVerizonAT&TFigure 1: Industry CategorizationThe list of breached companies was sourced from, idTheftCentre, and press releasesand compiled by Miriam Quick, Ella Hollowood, Christian Miles, and Dan Hampson in an opendatabase9. The initial reduction in breach observations was elimination of government and privateorganization breaches, such as universities, the military, and non-public companies. The remainingcompanies were individually checked to ensure they were public at the time of breach. Companies thatwere subsidiaries or wholly-owned at the time of breach, such as MySpace (NewsCorp), Tumblr(Yahoo), and Court Ventures (Experian) were assigned the tickers of their parent companies.Companies for which insufficient pricing data was available were excluded from the sample, such asAdult Friend Finder and Mail.Ru.9Information Is Beautiful, World's Biggest Data Breaches, 2016Market Implications of Data Breaches 3

Companies were included regardless of pending or completed mergers and acquisitions (M&A). Forexample, Yahoo is included in the set despite currently being in the process of being acquired byVerizon10. As the set is being considered from the perspective of the investor, developments such asM&A (and failed M&A) cannot be excluded from the set, as the investor would be impacted by theseprocesses. In addition, it is possible that M&A could be initiated due to the stock price moving to anattractively low level on breach news, or that existing acquisition deals could be exited or invalidatedthrough a material breach, as is the present possibility for the Yahoo/Verizon deal.Following assignment of the ticker for the breached party, the date of the breach’s announcement wasassigned to the data point. The date relates to the earliest public disclosure of the breach, either througha press release or news article. In instances where information regarding the data breach wasmeaningfully adjusted, as was the case in the 2016 Wendy’s breach, the date of the revision was usedfor the dataset. The purpose of using the announcement date as opposed to the determined date ofthe breach is that for the breach to affect the stock price, the market must be aware of the event, andthe news must be actionable. So, while Tumblr only became aware of and announced a breachaffecting 65 million users in May 2016, the breach occurred in 2013. Without knowledge of the breach,the market had no ability to act on the event in 2013, and could only price in the ramifications once thebreach was announced in 2016. Therefore, the 2016 date was used for the Tumblr breach.Industry CategorizationFigure 2: Data Point Count by YearIn order to provide a basis for comparison against a peer set, each data point was assigned an industryindex from the BlackRock iShares Industry Exchange-Traded Funds (ETFs). Ideally, categorizationwould be as specific as possible, using the sub-sector ETF to the company as opposed to the broadindustry. Unfortunately, due to the relatively small dataset, exact assignment (such as Home Depotwith the U.S. Home Builders ETF [ITB]) meant that the industry group had only one data point forsummary statistics, which was not meaningful. Therefore, companies such as Home Depot were put inbroader categories, such as Global Consumer Discretionary (RXI), which contains Home Depot as oneof its holdings, but is not as specific as Home Builders. All companies were checked against thecomposition of the assigned indices to ensure they were a part of the ETF. Exceptions to this areprimarily in the U.S. Financial Services category, which includes Experian and RBS. The justificationfor this decision is that the index for EXPN and RBS, Global Financials (IXG), has a 0.92 correlationcoefficient to U.S. Financial Services over the minimum and maximum period in the study (2005 –2016), and trade similarly enough to not justify bifurcating the two industries and reducing the value ofindustry averages. Other industries which were bifurcated were done so due to lower correlations, suchas Global Telecom and U.S. Telecom having a 0.85 correlation coefficient over the analysis period butdropping to 0.40 – 0.60 in 2005, 2013, 2014, and 2016, indicating highly variable correlation.IndustryiShares ETFU.S TechnologyIYWU.S TelecomIYZGlobal Consumer Disc.RXIGlobal TelecomIXPTransportationIYTU.S HealthcareIHFGlobal TechnologyIXNU.S Home ConstructionITBGlobal Consumer StaplesKXIN.A. Softw areIGVU.S FinancialsIYFU.S Consumer ServicesIYCGlobal IndustrialsEXIU.S InsuranceIAKU.S Broker/DealersIAIFigure 3: Assigned ETFsFigure 4: Industry BreakdownThe majority of the breaches impacted companies in the Technology industry broadly, at 33% of thebreaches in the set, followed by Consumer Discretionary and Financials.10Wall Street Journal, Verizon to Bid 3 Billion for Yahoo’s Web Assets, 2016Market Implications of Data Breaches 4

Sourcing Financial DataIn order to assess the company’s equity, pricing data and daily beta values were pulled. The stock pricedata was pulled from Yahoo Finance, using the Adjusted Close Price, in order to take into accountdistributions, stock splits, and other potential irregularities not captured by the simple close. This onesource and type of price was used for all the indices and stock prices in order to ensure standardization.The data for the betas of the dataset was sourced from a Bloomberg Terminal, using the daily equitybeta. Again, the same source and method was used for all indices and stocks.Analysis Method & ProcessAssessing the DatasetIn order to determine whether the announcement of a data breach was a material concern for aninvestor, the primary focus of the research was on the relative returns and volatility of the stock. In orderto do so, five primary values were utilized or calculated: Simple Return:(𝑝𝑛 𝑝𝑛 1 )𝑟 𝑝𝑛 1Differential Return: 𝑟 𝑟𝑠𝑡𝑜𝑐𝑘 𝑟𝑖𝑛𝑑𝑒𝑥Daily Stock Total ReturnDaily Index Total ReturnDaily Stock BetaDaily Index BetaRolling 60-Day Correlation Between Stock and Index BetaStock Price UsesThe daily stock and index total return is similar to the price change, but as the adjusted closing stockand index price is used, distributions are taken into account in addition to the simple movement of thestock. The simple price change does not take into account the totality of the returns, and as the investoris the focus, it is important to do so. Stock and index prices were taken for each breach instance foreight months prior to the breach announcement date and 18 months after in order to establish thepreceding stock price and volatility trends as well as the movement post-breach. Exceptions to thistimeline occur for firms which were only recently public at the time of breach and do not have a full eightmonths of preceding data and firms for which the breach occurred within 18 months from the time ofpulling the data (Oct. 2016). Subtracting the daily return of the stock from the daily return of itsrespective index yields an excess or differential return, with a positive value indicating the stockoutperformed its index and a negative value indicating underperformance.Figure 5: Simple vs. Differential Return over 14 Day Period (Select Industries)When assessing the impact of a data breach, the differential return value is more valuable than thesimple return, as it shows the stock’s change relative to the index, which reduces the impact of industrywide trends on the stock price. For example, if a stock decreased 20% over a duration of time, but theindex decreased 40% in the same period, the stock actually outperformed its peers despite the negativeabsolute return. Similarly, if a company’s respective industry index was up 10% over a period of timeand the company’s stock was down 2%, the 12% underperformance is a strong indication ofidiosyncratic factors negatively affecting the stock. For the analysis, the companies’ differential returnswere observed at days 3, 14, 90, and 180 post-breach announcement, in order to capture the immediatemarket reaction as well as the mid-term trend.Market Implications of Data Breaches 5

Beta Value UsesBeta Coefficient:𝛽 𝐶𝑜𝑣(𝑟𝑠𝑡𝑜𝑐𝑘 , 𝑟𝑚𝑎𝑟𝑘𝑒𝑡 ach Excess Beta:̅̅ 𝛽𝑝𝑟𝑒 𝛽𝑠𝑡𝑜𝑐𝑘 𝛽𝑖𝑛𝑑𝑒𝑥Where β values are pre-breachPost-Breach Excess Beta:̅̅ 𝛽𝑝𝑜𝑠𝑡 𝛽𝑠𝑡𝑜𝑐𝑘 𝛽𝑖𝑛𝑑𝑒𝑥Where β values are post-breachExcess Beta Differential: 𝛽𝑑𝑖𝑓𝑓 𝛽𝑝𝑜𝑠𝑡 𝛽𝑝𝑟𝑒The beta values of the stock and index serve as a measure of volatility, and measure the strength ofmovement in the price of a security relative to the market (typically, the S&P 500). The value is derivedby regressing the daily returns of an equity against the daily returns of the market. The coefficient ofthis regression is the beta value, which shows the movement of the equity relative to a 1% movementin the market. For example, a stock with a beta of 1.3 would theoretically move 1.3% either positivelyor negatively for a positive or negative 1% move in the market, implying the equity is 30% more volatilethan the market. This is important information, as the beta value is used as a proxy for risk for equities,implying that the higher a stock’s beta, the riskier the stock is. Increases and decreases in the betavalue of a stock can be used to assess the volatility—and therefore risk—of an asset over time.For the analysis of the dataset, the differential between the beta of the stock versus the beta of its indexbefore and after the breach was used to illustrate the change in volatility of the stock postannouncement, while eliminating industry-wide changes in volatility. This resulting value demonstrateswhether or not the stock became more or less volatile relative to its industry as a result of the breach.If a stock has a beta that is 0.05 greater than its index pre-breach and 0.12 post-breach, the 0.07differential between the two shows the stock as incrementally more volatile post-breach than pre-, whichis a negative consequence for the firm.The final method of analysis continues with the use of the beta values, but instead of the straightdifferential, assesses the relationship between the stock’s beta and the beta of the index. This is donethrough calculating a rolling 60-day correlation daily for all values pre-breach and all values postbreach, and taking the average pre- and post-. The post-breach average is done through the days 90,180, and 360 post-breach. The difference between the average pre- and post-breach aims to show ifthere is a meaningful divergence or decoupling between the direction and magnitude of movement ofthe stock relative to the index. A negative value indicates that the stocks magnitude and direction ofmovement has become less related to that of its index since the breach announcement, while theopposite implies the contrary. The purpose of this additional analysis is to remedy the possibility thattaking the average difference between the daily betas obfuscates the changes in the stock’s volatility,which would be more visible through the correlation value.The beta differential pre- and post-breach and beta correlation differential pre- and post-breach wereassessed for significance using a two-sample t-test, while the price differentials were simply observed.OutputSummary ResultsThe following table shows the summary of the analysis grouped by industry. The overall average showsa slightly lower differential beta, indicating lower overall volatility post-announcement, which is counterintuitive. The correlation differential is also negative, which shows slightly less correlation to the beta ofthe index. Returns, overall, are negative only for the first observation, at the three days post-breachannouncement date.CategoryIdentifierExcess BetaRolling CorrelationPre/Post Differential Pre/Post DifferentialCountAverageAverageObservations3 Day ReturnDifferentialAverage14 Day ReturnDifferentialAverage90 Day ReturnDifferentialAverage180 Day .0537)-1.13%0.08%2.01%3.67%By Industry:U.S TechnologyU.S TelecomGlobal Consumer DiscretionaryGlobal TelecomTransportationU.S HealthcareGlobal TechnologyNorth American Tech Softw areU.S FinancialsU.S InsuranceU.S 5.82%-11.88%-2.73%6.17%-6.14%2.80%4.98%Figure 6: Summary Results by IndustryDifferentiating by industry reveals large differences in the averages between industries. The smallsample size for all of the industries (nmax 16) makes summary statistics of diminished value, and makesMarket Implications of Data Breaches 6

significance testing of returns by industry less meaningful. That said, the data lends itself to someinteresting observations.Simple and Differential Return ObservationsOn a simple return basis, the majority of industries (8 of 11) were down on a three-day basis, at anaverage of -0.87%. By day 90 however, all but four industries were up on an absolute basis. Despitethe initial loss, by the fifth day post-breach, the average return for the dataset was positive on anabsolute basis.Figure 7: Simple (Absolute) Return for Selected IndustriesBecause the times at which the breaches occurred were different and trends affecting the markets weredifferent at different times, the averages on an absolute basis offer less insight than the spread betweenthe return of the stock and its index. On a differential basis, 9 of 11 industries were down on day three,at an average of -1.18%. Loss leaders were, in order of magnitude, Transportation, Financials, andGlobal Telecom, while least affected industries were Insurance, Broker/Dealers, and Software. At the180-day mark, 5 of 11 industries were still negative relative to their index, led by Healthcare, Financials,and Transportation. The least affected were Consumer Discretionary, U.S. Tech, and Global Telecom.Figure 8: Differential (Relative) Return for Select industriesMarket Implications of Data Breaches 7

Individual stocks which performed the most poorly individually were relatively divergent amongindustries. Heartland consistently performed the most poorly against its index in all periods assessed,as the breach compromised its business model. TalkTalk, a London-based telecom, experienced adecline in consumer confidence which led to predictions for large loss of customers 11, which wasreflected in the stock price movement. Apple’s place in the 180-day differential is surprising, due to itssize and the quality of the company. A look at the circumstances of the time show that the stock peakedaround the time of the breach before declining significantly—but that the cause was related to analystpessimism about the performance of iPhone 5 sales12. The breach, therefore, was not the main causeof the decline. The same cannot be said for Sony, which experienced breaches in multiple businessunits within in a relatively short period of time, and subsequently underperformed its st 3 Day Return Differential in Total Return vs. IndexCompanyAnnouncementBreach 5157,000CheckFree Corporation12/3/20085,000,000British Airw ays4/3/2015500,000Sony PSN4/26/201177,000,0003 Day Return 345Index5178250898406963130718841Largest 180 Day Return Differential in Total Return vs. IndexCompanyAnnouncementBreach 67,232Sony Pictures6/2/20111,000,000Sony PSN4/26/201177,000,000Community Health Systems8/18/20144,500,000180 Day Return ure 9: Largest Impact on Return Differential (3 & 180-Days Post)Excess Beta Differential ObservationsThe excess beta differential gives an indication of the company’s stock price volatility relative to itsindex. The “excess” refers to the degree to which the stock’s beta is higher or lower than its index. The“differential” refers to the difference between the excess values pre-breach and post-breach. A positivevalue indicates that the stock’s beta has increased in volatility relative to its index after the breachannouncement. A negative value implies the opposite. In the industry summary, the post-breachaverage is for all values through 90 days post-breach. While the expectation was for heightenedvolatility, the data shows decreased volatility in all industries except for very minor increases inHealthcare and Software. At the 180-day and 360-day periods, Consumer Discretionary turns slightlypositive as yFacebookSegaRBS WorldpayVTechCourt VenturesLargest Excess Beta Differential vs. IndexAnnouncementBreach xcess Beta Differential0.15070.13280.08000.07980.0721Figure 10: Largest Impact on Beta DifferentialIn the individual company statistics, Facebook’s value is notable. In this instance, it seems the higherbeta was mostly as a result of consistent upward movement in excess of the index over the assessedperiod. The consistent spread over the index (IYW) is interpreted by the calculation as increasedvolatility, when in reality in this instance it is actually a benefit. The Facebook breach was in the formof a leak which made public 6,000,000 users emails and phone numbers to their friends, which wasevidently not deemed material. Sega’s similarly high differential could be attributed to consistent1112IT Pro UK, TalkTalk hack: Teenager admits to seven charges of hacking, 2016MarketWatch, Apple gives worst performance in a year, 2014Market Implications of Data Breaches 8

outperformance over the index. RBS, VTech, and Court Ventures (EXPN owned), however, significantlyunderperformed their indices.Rolling Correlation Differential ObservationsThe rolling correlation differential statistic calculates a correlation value between the stock’s beta andits index’s beta for the trailing 60 days of values. The difference represents the change in correlationbetween the figures pre- and post-breach. If the correlation decreases, represented by a negativenumber, the interpretation is that the stock’s beta (volatility) is moving less in tandem with its index’sbeta (volatility). As the beta measures the magnitude and direction of the stock’s movement, adivergence illustrates a change relative to the company’s peer set. The average of the rolling valuesshould highlight changes in movement more explicitly than just the average of the beta. For example,if the stock’s beta rises to 3 from 1.5 before falling to 0.0, the average value of the change wouldobfuscate the movement. However, assuming the index beta stayed flat over the time period, bothmovements would decrease correlation to the index, which would be revealed in the average. In thesummary, all indices except for U.S. Tech, Transportation, and Insurance showed decreasedcorrelation to the beta of its index. For the 90-day post-breach period, the number of industries withdecreased correlation increases to 5 out of 11 industries, but remains 3 out of 11 for the 360-day period.For the individual companies, Yahoo’s decoupling from its index is likely due to the pending takeoverbid from Verizon, which has stabilized and increased the price relative to the index. Court Ventures andGlobal Payments both show increased volatility and high change in the correlation, which could be aresult of the impact of the breach 98Largest Correlation Differential vs. IndexCompanyAnnouncementBreach SizeT-Mobile, Deutsche 0Court Ventures10/20/2013200,000,000Ameritrade Inc.10/24/2006200,000Global Payments3/30/20127,000,000Correlation 8)Figure 11: Largest Impact on Correlation DifferentialSignificance TestingIn order to determine if the changes in the average beta differential and rolling correlation differentialwere significant between the pre-breach and post-breach populations, a simple two-sample t-test wasused. The results of the t-test do not reject the null hypothesis, which allows for the conclusion that theincidence of the breach is not meaningful in increasing or decreasing the volatility of the stock.Post-Breach t 0 90BetaPre-BreachPost-BreachBeta CorrelationPre-BreachPost-BreachPost-Breach t 0 180BetaPre-BreachPost-BreachBeta CorrelationPre-BreachPost-BreachPost-Breach t 0 360BetaPre-BreachPost-BreachBeta 2230.1460.3780.347SE 70.0431.2000.233SE MeanSE MeanFigure 12: Summary of t-test ResultsMarket Implications of Data Breaches 9

The data shows no meaningful relationship, with the values north of 0.60 for all but the rolling betacorrelation with the post-breach average through days 180 and 360, which are 0.27 and 0.23,respectively. While this is a lower value than the rest of the statistics, it is nevertheless considerablyhigher than necessary to determine significance.Multiple Regression AnalysisA multiple regression analysis was conducted on the output values of the dataset to attempt to identifyany relationships with the known variables.The response variables were: 3-Day Return Differential14-Day Return Differential90-Day Return Differential180-Day Return DifferentialExcess Beta Differential (Pre vs. Post)Rolling Correlation Differential (Pre vs. Post)The continuous predictors were: Breach Annou

1 ThreatMetrix, Q2 2016 Cybercrime Report, 2016 2 ThreatMetrix, Q2 2016 Cybercrime Report, 2016 3 Ponemon Institute, 2016 Cost of Data Breach Study: Global Analysis, 2016 4 Mandiant Consulting, M-Trends 2016, 2016 5 Global Payments, 2013 Form 10-K, 2013 6 Target, Form 10-K, 2015