The effect of cyber-attacks on stock returns

A widely debated issue in recent years is cybercrime. Breaches in the security of accessibility, integrity and confidentiality of information involve potentially high explicit and implicit costs for firms. This paper investigates the impact of information security breaches on stock returns. Using event-study methodology, the study provides empirical evidence on the effect of announcements of cyber-attacks on the market value of firms from 1995 to 2015. Results show that substantial negative market returns occur following announcements of cyber-attacks. Financial entities often suffer greater negative effects than other companies and non-confidential cyber-attacks are the most dangerous, especially for the financial sector. Overall findings seem to show a link between cybercrime and insider trading

Rent Appropriation in Strategic Alliances: A Study of Technical Alliances in Pharmaceutical Industry

Many existing alliance studies have investigated how embedded relations create superior value for organizations. The role of network structure in rent appropriation or pie splitting, however, has been underexplored. We propose that favorable locations in interorganizational networks provide firms with superior opportunities for appropriating more economic benefits from alliances than their partners do. Specifically, we argue that partners’ asymmetric network positions will lead to unequal brokerage positions that promote disparate levels of information gathering, monitoring, and bargaining power, which lead to differing capacities to appropriate value. This in turn results in variations in market performance. We also propose this brokerage position exacerbates existing inequalities such as commercial capital; thus, available firm resources will moderate such network effects. Evidence is presented in the form of market response to technology alliance announcements from a set of pharmaceutical firms. In general, we find that firms within central network positions and those spanning structural holes have higher returns than their partners. In addition, we show that this relationship is contingent upon available firm resources

Intruder Alert? How Stock Markets React to Potential IT Security Breaches: The Case of OpenSSL Heartbleed

This exploratory study investigates how potential information technology security breaches affect stock prices. Previous research indicates that stock markets tend to punish firms that experience unsolicited disclosure of information and proprietary data. However, little research exists on the question of whether firms are punished for creating the mere potential for data theft. Based on the information boundary theory, we design our exploratory research model. Subsequently, we utilize a sample of 4,147 stocks of firms headquartered in 43 countries to conduct multiple event studies. We reveal a delayed adverse stock market response to potential IT security breaches as well as a discrimination among firms operating in different industries. Consequently, this work enhances the understanding of the full economic impact of information security measures by shedding light on previously neglected hidden costs

Do Security Vulnerability Announcemnets Impact Software Vendors - An Event Study Analysis

In this paper, we use the event study methodology to examine the role that financial markets play in determining the impact of vulnerability disclosures on software vendors. We collect data from leading national newspapers and industry sources by searching for reports on published software vulnerabilities. Our main result is that vulnerability disclosures do lead to a negative and significant change in market value for a software vendor. On average, a vendor loses around 0.6% value in stock price when a vulnerability is reported. To provide further insight, we use the information content of the disclosure announcement to classify vulnerabilities into various types. This is the first study to measure vendors’ incentive to develop secure software and also provides many interesting implications for software vendors as well as policy makers

Has Decreasing Innovation Hurt the Stock Price of Information Security Firms? A Time Series Analysis

Prior research has shown that information security breaches are beneficial to the stock price of information security firms, around the time that these security breaches are announced. We, however, show that the overall trend in the market value of information security firms has actually been stagnating, despite an increasing number of security threats that exploit vulnerabilities in information systems. We attribute this decrease in the stock price of information security firms, after controlling for overall market conditions, to insufficient innovation on the part of information security firms. We apply time series regression methods to analyze the relationship between R&D intensity and the stock price of information security firms. This empirical work provides a plausible explanation for the decrease in the stock price of information security firms, despite high demand for their products and services

The Impact of Federal and State Notification Laws on Security Breach Announcements

Firms are under increasing regulatory pressures to protect consumers’ confidential information. The focus of this article is to examine the impact of federal and state breach notification laws in coaxing organizations to improve security of customers’ confidential information. Specifically, we use event-study methodology to examine the impact of security breach announcements on the market value of firms during the period before and after the enactment of this legislation. Our results show that the negative impacts of security breach announcements on stock prices have been reduced significantly after the enactment of federal and state security breach notification laws

UNDERSTANDING THE COST ASSOCIATED WITH DATA SECURITY BREACHES

To estimate the cost of a data breach to the inflicted firm, this study examines the relationship between a breach incident and changes in the inflicted firm’s profitability, perceived risk, and the inflicted firms’ information environment transparency. Profitability is measured as reported earnings and analysts’ earnings forecasts. Perceived risk is measured as reported stock return volatility and dispersion among analysts’ forecasts. Although a number of studies have investigated the stock market reaction surrounding the disclosure of a breach incident to quantify the cost associated with breaches, we argue that there exists information uncertainty and deficiency in the disclosure of the breach incident and stock market reaction surrounding a security breach announcement date may not be the best measure for the cost of security breaches. And research using other complementary measures is warranted. Our preliminary finding suggests that data breaches negatively impact firm profitability, perceived risk and information transparency. Nevertheless, the damage of a breach most likely stems from direct costs such as compensation and litigation costs rather than indirect costs such as tarnished reputation and a decrease in market share and sales. More sophisticated analysts are also found to add value in estimating the real cost of a security breach

Steel Safeguards and the Welfare of U.S. Steel Firms and Downstream Consumers of Steel: A Shareholder Wealth Perspective

This paper analyzes the steel safeguards implemented and subsequently removed during 2001-2003. Our results reveal that for shareholders of U.S. steel companies, safeguards generated positive “abnormal” returns of approximately 6%; and the cancellation of the safeguards resulted in wealth gains of about 5%. Steel shareholders experienced negative abnormal returns of -5% in response to the WTO ruling that the U.S. violated WTO law. The results here are consistent with the neoclassical view that producers gain at the expense of consumers. Downstream consumers in transportation equipment and electrical equipment showed the clearest negative reaction to the safeguards. Moreover, steel firms that received larger cash disbursements under the Byrd amendment received additional wealth gains when the safeguard duties were imposed. Finally, empirical results indicate that U.S. downstreamconsuming firms that diversify production in NAFTA countries avert some trade policy risk associated with the initiation of the safeguard investigation and the imposition of the safeguard duties.Antidumping Policy; Welfare