Purpose – In this study, we examined the influence of one or more information security breaches on an organization’s stock market value as a way to benchmark the wider economic impact of such events.
Design/Methodology/approach – We used an event studies based approach where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time.
Findings – Based on the results, we argue that although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.
Research limitations/implications – One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information.
Practical implications – One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.
Originality/value – We envisage that as more breach event data become more widely available due to compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.
Keywords - Information Security, Event Based Analysis, Information Security Breaches
Paper type - Research pape
