5,831 research outputs found

    Longitudinal Analysis of Information Security Incident Spillover Effects

    Get PDF
    When a company is hacked, market participants take notice. This has been observed consistently for at least a decade, mostly through calculating abnormal returns of individual corporate stocks after a company’s information security incident an-nouncement. Some researchers have found that information security incidents have had a decreasing effect on stock price over time. Their reports suggest that breach related stock price impacts have become increasingly shallow and short-lived. This has led some information security economists to suggest that market forces are not enough to incentivize sufficient cor-porate investment to information security. They argue that further regulation is necessary to remedy what seems like a rise in investor apathy toward corporate breaches. Other researchers, though, have cautioned that further examination is required and that other market metrics—beyond individual stock price movements—are available to better understand the effects of an information security incident. Sector-wide systematic risk is a measure of the sector’s exposure to exogenous shock. Here, this risk measurement is applied to measure the spillover effects of a corporate information security incident. I conduct 203 event studies between the years 2006 and 2016, calculating sector-wide systematic risk within American stock markets, to measure the spillover effects of data breaches within finance, healthcare, technology and services sectors. The novel application of a longitudinal analysis of variance between repeated event studies reveals that the sector-wide spillover of an incident is both significant and growing. This suggests that an increasingly compelling market incentive exists for sectors to police themselves. Also, further inquiry into common factors among outliers to these sector-wide trends may reveal best-practice strategies for information security risk management

    Do financial variables affect the systematic risk in sugar industry?

    Get PDF
    The purpose of this study is to investigate the relationship between financial variables and systematic risk. The studied variables are explored as determinants of systematic risk. This study analyzed the annual data over the period of 2005-2015 from selective industry. To test the studied hypotheses simultaneously, panel tests were applied along with multiple regression analysis approach. The findings of sugar industry have shown that liquidity, leverage (insignificant), operating efficiency, dividend payout, and chin model are inversely associated while profitability and Tobin q (insignificant) are positively related with Systematic risk. The regression results show that significant association of liquidity, profitability, operating efficiency, growth, dividend payout and chin model are with earlier studies. The studied variables have decisive impact for determinants of Systematic risk. Findings are fruitful for all stakeholders to maximize the returns by reducing the risk factors

    NSA Revelations of Privacy Breaches: Do Investors Care?

    Get PDF
    Our study is focused on the financial impact of NSA-security and privacy breach events announced in the news media between June 2013 and March 2014. While prior research has provided empirical evidence on the stock market reaction of security and privacy breaches such as confidentiality, integrity and availability breaches, there is scarce research on the financial impact of NSA-related security and privacy breaches. Based on previous studies, we apply the event study framework to analyze how NSA revelations influence investor’s confidence. Results show that NSA-breach announcements have a negative impact on investors’ confidence, which is confirmed by the negative cumulated abnormal returns on the event date. Our study contributes hence with insights on a relatively new phenomenon of high relevance concerning the security of information assets

    The effect of information security breaches on publicly listed companies’ business performance : Research about the impact of distinct information security breach types on stock market value of publicly listed companies

    Get PDF
    The negative repercussions of cyber threats on business entities are substantial. However, the existing body of research on this topic presents contradictory or imprecise findings, impeding the establishment of a consensus on effective prevention or mitigation strategies. Compounding this issue is the lack of precision and standardization in measuring and categorizing information security breaches. This study aims to enhance our understanding of the direct and long-term impacts of information security breaches on business performance, specifically by utilizing a novel classification to measure differential impacts on the stock market value of publicly listed companies. To achieve this, the following research question is posed: What are the respective impacts of disruptive and exploitative information security breaches on the stock market value of publicly listed companies, and how do these impacts evolve over time? Drawing on prior research indicating the relevance of disruptive and exploitative characteristics in understanding the effects of information security breaches on victim companies, this study seeks to improve precision and standardization in breach measurement. To answer the research question, an extensive quantitative analysis is conducted using the Cyber Event Database from the University of Maryland and historical stock market data. The investigation focuses on identifying correlations between information security breaches and stock market responses. The findings reveal that information security breaches significantly harm business performance in the short- and long-term, particularly when breaches exhibit exploitative characteristics. Moreover, these adverse effects persist long after the occurrence of the breach. The outcomes of this research provide decision-makers with valuable insights to better comprehend, anticipate, and prepare for the persistent threats posed by information security breaches. Additionally, this study contributes to existing research by expanding upon previous works. Nevertheless, further research is warranted to gain a more comprehensive understanding of the intricate dynamics within cyberspace

    The Impact of GDPR Infringement Fines on the Market Value of Firms

    Get PDF
    Previous studies have shown (varying degrees of) evidence of a negative impact of data breach announcements on the share price of publicly listed companies. Following on from this research, further studies have been carried out in assessing the economic impact of the introduction of legislation in this area to encourage firms to invest in cyber security and protect the privacy of data subjects. Existing research has been predominantly US-centric. This paper looks at the impact of the General Data Protection Regulation (GDPR) infringement fine announcements on the market value of mostly European publicly listed companies with a view to reinforcing the importance of data privacy compliance, thereby informing cyber security investment strategies for organisations. Using event study techniques, a dataset of 25 GDPR fine announcement events was analysed, and statistically significant cumulative abnormal returns (CAR) of around-1% on average up to three days after the event were identified. In almost all cases, this negative economic impact on market value far outweighed the monetary value of the fine itself, and relatively minor fines could result in major market valuation losses for companies, even those having large market capitalisations. A further dataset of four announcements where sizeable GDPR fines were subsequently appealed was also analysed and although positive returns for successful appeals were observed (and the reverse), they could not be shown to be statistically significant-perhaps due, at least in part, to COVID-19 related market volatility at that time. This research would be of benefit to business management, practitioners of cyber security, investors and shareholders as well as researchers in cyber security or related fields (pointers to future research are given). Data protection authorities may also find this work of interest

    The Impact of Data Breach Announcements on Company Value in European Markets

    Get PDF
    Recent research on the economic impact of data breach announcements on publicly listed companies was found to be sparse, with the majority of existing studies having a strong US bias. Here, a dataset of 45 data breach disclosures between 2017 and 2019 relevant to European publicly listed companies was hand-gathered (from various sources) and detailed analyses of share price impact carried out using event study techniques with the aim of supporting business cases for firms to invest in cyber security. Differences from existing studies (in particular, the US market) are highlighted and discussed along with pointers to future research in this area. Although some evidence of negative cumulative abnormal returns (CAR) in the days surrounding the announcement were observed, along with one extreme case leading to insolvency, the results were not statistically significant overall with the notable exception of the Spanish market, which appeared to be more sensitive to data breaches, reacting rapidly. Therefore, justification for cyber security investment purely based on the market value effect of a data breach disclosure would be challenging. Other factors would need to be taken into consideration such as risk appetite, industry sector and nature of the information compromised as well as relevant legislation. Certain other observations were noted such as the lack of a comprehensive breach database for Europe (unlike US) and the effect of the introduction of the General Data Protection Regulation (GDPR). This research would be of benefit to business management, practitioners of cyber security, investors and shareholders as well as researchers in cyber security or related fields

    On the economic impact of information security announcements: an event study analysis

    Get PDF
    This research is concerned with the economic impact of information security events both unfavourable (data breaches and GDPR infringement fines) and favourable (CISO appointment announcements). Literature in this area was found to be sparse and with a strong US bias, therefore this study focusses on UK and European markets. Using event study methodology, the impact on share price of a hand-gathered (due to lack of a comprehensive breach database for Europe) dataset of 45 data breach announcements concerning UK/European publicly listed companies was analysed and only weak evidence was found of a negative impact overall, although the Spanish market showed a greater reaction. Regarding GDPR infringement fine announcements (25 examples), statistically significant CARs of -1% on average were observed over a three-day period. Spanish and Romanian markets were shown to be particularly reactive. Such a loss in market capitalisation was, in almost all cases, much greater than the monetary value of the fine itself, actually ca. 29,000 times greater on average. Announcements of CISO type role appointments (37 examples) showed an uplift in share price of around 0.8% on average over a three-day period before, during and after the announcement. The financial services sector was found to respond more positively (+1.8%) with statistical significance at the 1% level. As well as highlighting the benefits of transparency by publicly listed firms and disclosure regulations in early-adopter nations such as the US, the results of these studies should encourage firms to improve their cyber security postures overall to emulate highly regulated sectors such as financial services. A review of security investment strategies is also included for convenience, as well as pointers for future research. This research would be of benefit to business management, practitioners of cybersecurity, investors and shareholders, policy makers as well as researchers in cyber security or related fields

    The impact of data security on firm value : how do stock markets react to data breach announcements?

    Get PDF
    Far too often, data security concerns are not taken as seriously as they should be. This negligent behavior does not seldom result in data breaches with far reaching economic consequences. This paper demonstrates that there is an observable decline in firm value following a data breach announcement, applying an event study methodology to a sample of 366 firms being subject to data breaches between January 2013 to July 2018. Using a onefactor and a three-factor model to estimate abnormal returns, firms experiencing a data breach lost on average about 1.33 percent of equity over a three-day window around the event. For different industries, deviations in the magnitude of negative market reactions are detected. Various company and incident related variables, such as company size and number of customer records exposed are deployed in regression analyses to account for cross-sectional variations in abnormal returns. Profitability has a positive influence on the abnormal returns obtained. Multiple breaches have a negative impact on the abnormal equity returns, however, there is no significant difference in the severity when compared to single breaches. Other factors, namely company size, leverage, magnitude of the breach and type of breach do not have any statistically significant influence on the market reactions observed.Frequentemente, as preocupações em torno da segurança dos dados não são levadas tão a sério quanto deveriam. Este comportamento negligente resulta, não raramente, em violações de dados com consequências económicas profundas. Este artigo demonstra um declínio observável no valor das empresas após o anúncio de uma violação de dados, aplicando uma metodologia de estudo de eventos a uma amostra de 366 empresas sujeitas a violações de dados entre janeiro de 2013 e julho de 2018. Utilizando um modelo de um fator e de três fatores para estimar retornos anormais, as empresas que sofreram violações de dados perderam, em média, aproximadamente 1,33 por centro do património líquido num período de três dias a contar do evento. Para diferentes indústrias, são detetados desvios na magnitude das reações negativas ao mercado. Várias variáveis relacionadas com a empresa e com incidentes, tais como o tamanho da empresa e o número de registos de clientes expostos são incorporadas em análises de regressão para contabilizar as variações transversais nos retornos anormais. A rentabilidade tem uma influência positiva nos retornos anormais obtidos. Múltiplas violações têm um impacto negativo nos retornos anormais do património líquido, no entanto, não há diferenças significativas na gravidade quando comparadas com violações individuais. Outros fatores, nomeadamente o tamanho da empresa, alavancagem, a magnitude e o tipo de violação não possuem qualquer influência estatisticamente significativa nas reações de mercado observadas

    WHO WINS IN A DATA BREACH? - A COMPARATIVE STUDY ON THE INTANGIBLE COSTS OF DATA BREACH INCIDENTS

    Get PDF
    Over the years data breaches have become a status quo due to an attacker’s repeated ability to successfully infiltrate networks. 2015 was no stranger to these cases. Victims included millions of customers of Anthem, BlueCross BlueShield, Experian/T-Mobile, and Office of Personnel Management, all of whom lost confidential data. Needless to say, data breaches have a significant impact on the financial performance and reputation of firms. Collectively, the majority of the previous security studies on breach announcements have used event study methodology. These studies have focused on the change in market value of the company within a few days of the security breach announcements and concluded that there is a negative impact. But what is the impact of negative publicity due to a data breach on an organization’s reputation? How should that be gauged? In this study we compare the financial impact with the reputational damage of data breaches. We performed two event studies: an event study on stock prices and additionally a sentiment event study applied on social media data. In contrast to previous research, shareholders do not react negatively to data breach announcements, whereas the impact on reputation is statistically significant as negative

    Globalization and E-Commerce VII: Environment and Policy in the U.S.

    Get PDF
    The United States is a global leader in both Business-to-Customer (B2C) and Business-to-Business (B2B) electronic commerce. This leadership comes in part from the historical US strengths in information technology, telecommunications, financial services, and transportation - all of which are essential enabling components of e-commerce. The size and strength of the US economy, the wealth of its consumer base, and the relatively open access to venture capital creates an attractive environment for e-commerce investment. Official US Government policy toward e-commerce is to let the private sector take the lead, with government helping to make the business climate right for innovation and investment. Prior US Government investments in essential e-commerce infrastructure for military purposes (e.g., digital computing, the Internet) and for civilian purposes (e.g., interstate highways, air transport) played an important role in the US lead in e-commerce. US Government policies favoring widespread economic liberalization since the 1970\u27s in areas such as financial services, transportation, and telecommunications helped enable and stimulate private sector investment and innovation in e-commerce. The collapse of the dot.com era in the late 1990\u27s hit key sectors of e-commerce hard, suggesting that some of the more dramatic and positive predictions of e-commerce growth and impact will either be delayed substantially or will not come to pass. The strength of surviving e-commerce companies (e.g., Amazon and eBay), as well as the relative stability of the technology sector (e.g., Cisco Systems, Dell, Intel, IBM) and the continued investment of large industry sectors (e.g., autos, finance) suggest that e-commerce is still growing and is here to stay. Consumers are intrigued by B2C e-commerce, and many have used such services, but serious concerns related to privacy and transaction security remain obstacles to universal adoption of B2C e-commerce
    • …
    corecore