Exploring the characteristics of Internet security breaches that impact the market value of breached firms

The impact of Internet security breaches on firms has been a concern to both researchers and practitioners. One measure of the damage to the breached firm is the observed cumulative abnormal stock market return (CAR) when there is announcement of the attack in the public media. To develop effective Internet security investment strategies for preventing such damage, firms need to understand the factors that lead to the occurrence of CAR. While previous research have involved the use of regression analysis to explore the relationship between firm and attack characteristics and the occurrence of CAR, in this paper we use decision tree (DT) induction to explore this relationship. The results of our DT-based analysis indicate that both attack and firm characteristics determine CAR. While each of our results is consistent with that of at least one previous study, no previous single study has provided evidence that both firm and attack characteristics are determinants of CAR. Further, the DT-based analysis provides an interpretable model in the form of understandable and actionable rules that may be used by decision makers. The DT-based approach thus provides additional insights beyond what may be provided by the regression approach that has been employed in previous research. The paper makes methodological, theoretical and practical contribution to understanding the predictors of damage when a firm is breached. (C) 2006 Published by Elsevier Ltd.