Data Breaches Now Cost More Than Just Data "The 8% drop in Victoria's Secret's stock, translating to over USD 150 million in lost market value, shows that cybersecurity breaches are now perceived as significant financial risks," says Manoj Joshi, Group CEO, SA Technologies

One of the primary reasons ransomware remains the favourite cyberweapon among malicious actors is its sheer profitability. In 2023 alone, ransomware gangs extorted over USD 1.1 billion in cryptocurrency payments from victims globally, according to blockchain analytics firm Chainalysis.

In India, nearly one million ransomware detections were reported in the past year alone. According to Palo Alto Networks' Unit 42 Extortion and Ransomware Trends (Jan–Mar 2025), the country experiences one ransomware incident for every 595 detections and one malware incident for every 40,000 detections, underscoring the volume and scale of cyber threats.

The volatile geopolitical climate makes the threat landscape even more complex. The industry is observing more trends in state-backed actors than ever before.

"In a rapidly transforming country like India, organisations are navigating a complex mix of modern and legacy changes. The rapid adoption of AI has empowered organisations and threat actors alike. This highlights the urgent need for organisations to bolster their cybersecurity framework and incorporate comprehensive security measures to fortify their defences against complex ransomware campaigns," said Huzefa Motiwala, Senior Director, Technical Solutions, India and SAARC, Palo Alto Networks.

Business fallout: the Victoria's Secret case

The impact of ransomware isn't limited to temporary technical disruptions; it strikes at the heart of business continuity and brand trust.

On 28 May 2026, lingerie retailer Victoria's Secret took its website offline following a cyberattack. Though the exact nature of the incident remains undisclosed, such outages are typically attributed to ransomware.

Commenting on the outage, officials said on the website, "Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in-store services as a precaution. Our team is working around the clock to fully restore operations… We appreciate your patience during this process. In the meantime, our Victoria's Secret and PINK stores remain open and we look forward to serving you."

Following the incident, Victoria's Secret saw an 8 per cent drop in its share price.

"The 8 per cent drop in Victoria's Secret's stock, translating to over USD 150 million in lost market value, shows that cybersecurity breaches are now perceived as significant financial risks," explained Manoj Joshi, Group CEO, SA Technologies.

Joshi further noted that investor reactions are swift and driven by anticipated disruptions to operations, potential regulatory liabilities, and reputational damage.

"With the average cost of a data breach reaching USD 4.45 million in 2023 (IBM), it's evident that robust cybersecurity isn't just an IT concern—it's fundamental to investor confidence and long-term enterprise value," he added.

Long-term damage

The brand reputation damage from a single cyberattack can be long-lasting, especially in trust-driven sectors like retail, healthcare, and BFSI.

"Absolutely," confirms Joshi. "A single attack can have a lasting impact on brand credibility. Yahoo's data breach, for instance, slashed USD 350 million from its acquisition value during the Verizon deal," Joshi said.

While citing the example from Ping Identity, Joshi emphasised, "Consumers aren't quick to forgive—81 per cent say they would stop interacting with a brand online after a data breach."

Echoing the same sentiment, Amit Jaju from Ankura Consulting said, "Cyberattacks can cause irreversible harm to brand trust and consumer loyalty. In Victoria's Secret's case, the reputational hit is significant. Studies show up to a third of customers may abandon a brand following a breach. In India, where consumer trust is built gradually, brands must invest in transparency and long-term recovery strategies to avoid lasting damage."

Lessons in data protection

The Victoria's Secret breach is a textbook example of why organisations must go beyond perimeter security.

"This breach is a wake-up call for proactive cybersecurity," says Joshi. "Businesses must invest in real-time threat detection, adopt zero-trust frameworks, and maintain clear, transparent communication when incidents occur.

One often overlooked aspect is third-party risk—Verizon's 2025 DBIR shows that vendor-related breaches have doubled to 30 per cent. Strong vendor governance is essential," Joshi explained.

For consumers, Joshi suggested simple but consistent practices like using strong passwords, enabling two-factor authentication, and avoiding suspicious links.