Companies are now financially penalized by banks for data breaches, according to a new study from the American Accounting Association.

In a new report titled “Do banks assess corporate data breaches?“The organization has found that banks are punishing businesses that lose their customers’ financial account information or social security numbers through data breaches with significantly higher interest rates and stricter requirements by in terms of guarantees and commitments.

The researcher behind the report analyzed data from 1,081 bank loans to publicly traded companies from 2003 to 2016. Of the 1,081 bank loans, 587 went to companies that had dealt with a data breach and 494 to companies that had not done so.

Henry Huang, co-author of the study and associate professor of accounting at Yeshiva University, said he wanted to find a way to quantify the financial consequences of violations.

The researchers compared companies in similar industries to see if those that had been breached saw any differences in how banks treated them. The report showed a clear link between higher interest rates and data breaches, those who suffered the most disastrous breaches were subjected to even harsher treatment from the banks.

But banks made a distinction between companies that had been hacked by criminal groups and those that had lost control of customer data due to accidents or mistakes.

Financial penalties were more severe for some industries, such as healthcare, business services, IT, electronic equipment and transportation. Surprisingly, companies known to have reputable IT departments have faced even harsher treatment from banks after breaches as “banks have had to further adjust their assessment of corporate security.”

“We also wanted to know what variables come into play. For example, we learned that there are things companies can do to mitigate damage after a data breach,” Huang said, mentioning actions such as l ‘hiring security companies to deal with the attack and strengthen IT security. systems.

“There are also valuable lessons here for accountants and auditors. It highlights the consequences of different types of data breaches in different industries, the importance of protecting confidential information and the value of corrective action after a breach. Huang added.

Cyber ​​security experts like Lamar Bailey, senior director of security research at Tripwire, explained that insurance rates and loan rates are all risk-based.

He compared it to credit scores and driving records that banks use for consumers, noting that the higher interest rates violated businesses face are “totally valid.”

“I would like to see a public safety risk score so that consumers can decide whether they want to do business with this company or give them personal data,” Bailey told ZDNet.

Panorays founder Demi Ben-Ari explained that since companies are held accountable for data breaches through data privacy regulations, it’s no surprise that banks are taking a similar approach by charging higher interest rates to risky organizations.

“The message is clear: organizations are responsible for protecting the data of their customers. To avoid cyber incidents, it is essential that companies thoroughly assess and continuously monitor their own cyber posture as well as that of the third parties they do business with, “said Ben Ari.

“Obviously, investing in such processes pays off in the long run. “