Study: How cybersecurity investment impacts loan rates
In 2022, the United States saw nearly 480,000 cyberattacks, a number that’s rising sharply. To protect individuals, several states have mandated data breach notification (DBN) laws, requiring businesses to notify people when their personal information is compromised.
A new study led by University of Texas at Arlington accounting professor Chandrani Chatterjee reveals that, while data breach notification laws aim to protect consumers by ensuring transparency, they can also increase borrowing costs for business. This is because lenders view companies facing potential data breaches as riskier investments and may raise interest rates to be more selective in approving loans, Chatterjee explained.
According to the research, businesses in states with DBN laws face an average loan interest rate increase of 39 basis points, costing U.S. businesses about $2.7 million annually. The cost was higher for breach-prone industries such as technology, health care and finance.
“Our research shows that businesses can reduce these financial impacts by being proactive about cybersecurity,” Chatterjee said. “This isn’t just about protecting data—it’s about building trust with lenders and reducing costs.”
The studies offers good news for businesses that invest in cybersecurity. Lenders view companies with strong cybersecurity practices or tech-savvy leadership as lower-risk, often resulting in more favorable loan terms.
Businesses with effective risk management and robust cybersecurity systems are better positioned to avoid financial penalties. This research underscores the importance of investing in innovative, forward-thinking cybersecurity strategies to navigate the financial challenges posed by today’s digital threats.