Data breaches are the theft of sensitive information or the disruption of company operations through cybercriminal acts. This paper studies the impact data breaches have on stock prices. I use the findings to make a public policy recommendation which I believe will facilitate future cybersecurity improvements.
The impact of a data breach on stock prices is not well understood. The existing research is contradictory: Some research has found that a data breach has a statistically significant, long-term, negative impact on stock price. Others have found that data breaches have no impact. One study found a statistically significant negative impact but that the share price quickly recovers (Richardson et al., 2019). Share price reflects the market’s consensus option of the value of a firm. Clarity on the impact of a data breach on share price would help companies establish an appropriate cybersecurity investment strategy. The lack of clarity in the research makes establishing a strategy difficult.
This paper studied the share price movement of companies who disclosed a data breach between January 2007 and September 2020. It found, through event studies and statistical tests, that data breaches have a statistically significant negative impact on share price. These results were heavily influenced by a few extreme cases. Interviews with research analysts and investors found that they regard data breaches as immaterial. They do not believe customer behavior changes as a result of a breach. They also do not believe that the cost of a breach is material to a financially sound company.
The implication is that companies should be wary of over-investing in cybersecurity. Company strategy should be to do what is necessary for regulatory compliance and to be consistent with standard practices.
Market participants suffer from a lack of information. There is not a data source which can be used to determine the probability and cost of a future breach; nor is there a data source to gauge the effectiveness of a security control. Cybersecurity insurers are the natural collection and dissemination point for this data, but they view this information as their source for competitive advantage. They will not willingly share the information. The government should intervene by making the disclosure of breach information mandatory, and then ensuring that this information is widely available. / Business Administration/Interdisciplinary
| Identifer | oai:union.ndltd.org:TEMPLE/oai:scholarshare.temple.edu:20.500.12613/7710 |
| Date | January 2022 |
| Creators | McGarry, Michael, 0000-0002-4645-0379 |
| Contributors | Pang, Min-Seok, Andersson, Lynne Mary, Gordon, Elizabeth A. (Associate professor), Naveen, Lalitha, Lanter, David |
| Publisher | Temple University. Libraries |
| Source Sets | Temple University |
| Language | English |
| Detected Language | English |
| Type | Thesis/Dissertation, Text |
| Format | 101 pages |
| Rights | IN COPYRIGHT- This Rights Statement can be used for an Item that is in copyright. Using this statement implies that the organization making this Item available has determined that the Item is in copyright and either is the rights-holder, has obtained permission from the rights-holder(s) to make their Work(s) available, or makes the Item available under an exception or limitation to copyright (including Fair Use) that entitles it to make the Item available., http://rightsstatements.org/vocab/InC/1.0/ |
| Relation | http://dx.doi.org/10.34944/dspace/7682, Theses and Dissertations |
Page generated in 0.0024 seconds