Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches

被引:77
作者
Richardson, Vernon J. [1 ]
Smith, Rodney E. [2 ]
Watson, Marcia Weidenmier [3 ]
机构
[1] Univ Arkansas, Fayetteville, AR 72701 USA
[2] Calif State Univ Long Beach, Long Beach, CA 90840 USA
[3] Univ North Carolina Charlotte, Charlotte, NC USA
来源
JOURNAL OF INFORMATION SYSTEMS | 2019年 / 33卷 / 03期
关键词
cybersecurity; breaches; financial impact; INFORMATION SECURITY BREACHES; INTERNAL CONTROL; AUDIT FEES; EMPIRICAL-EVIDENCE; PROPENSITY SCORE; MARKET REACTIONS; FIRMS; ANNOUNCEMENTS; EVENTS; RISK;
D O I
10.2308/isys-52379
中图分类号
F8 [财政、金融];
学科分类号
0202 ;
摘要
In this paper, we examine the consequences of data breaches for a breached company. We find the economic consequences are, on average, very small for breathed companies. On average, breaches result in less than -0.3 percent cumulative abnormal returns in the short window around the breach disclosure. Except for a few catastrophic breaches, the nominal difference in cumulative abnormal returns between breach companies and the matched companies disappears within days after the breach. We also test whether data breaches affect future accounting measures of performance, audit and other fees, and future Sarbanes-Oxley Section 404 reports of material internal control weaknesses, but find no differences between breach and matched companies. Our results address the question why companies are not spending more to reduce breaches. We conclude by providing a few explanations of why there appears to be an effect at the economy-wide level, but no noticeable effect on individual company performance.
引用
收藏
页码:227 / 265
页数:39
相关论文
共 92 条
[71]   Estimating Standard Errors in Finance Panel Data Sets: Comparing Approaches [J].
Petersen, Mitchell A. .
REVIEW OF FINANCIAL STUDIES, 2009, 22 (01) :435-480
[72]   The relation between information security events and firm market value, empirical evidence on recent disclosures: An extension of the GLZ study [J].
Pirounias, Sotirios ;
Mermigas, Dimitrios ;
Patsakis, Constantinos .
JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2014, 19 (4-5) :257-271
[73]  
Privacy Rights Clearinghouse, 2018, WHAT DO YOU REC DAT WHAT DO YOU REC DAT
[74]  
Protiviti, 2016, EX PERSP TOP RISKS 2
[75]  
Riffkin R., 2014, Hacking Tops List of Crimes Americans Worry about Most
[76]   The effect of data breach announcements beyond the stock price: Empirical evidence on market activity [J].
Rosati, Pierangelo ;
Cummins, Mark ;
Deeney, Peter ;
Gogolin, Fabian ;
van der Werff, Lisa ;
Lynn, Theo .
INTERNATIONAL REVIEW OF FINANCIAL ANALYSIS, 2017, 49 :146-154
[77]   THE CENTRAL ROLE OF THE PROPENSITY SCORE IN OBSERVATIONAL STUDIES FOR CAUSAL EFFECTS [J].
ROSENBAUM, PR ;
RUBIN, DB .
BIOMETRIKA, 1983, 70 (01) :41-55
[78]   The impact of repeated data breach events on organisations' market value [J].
Schatz, Daniel ;
Bashroush, Rabih .
INFORMATION AND COMPUTER SECURITY, 2016, 24 (01) :73-92
[79]   (Dis)agreement, polarity, and focus: Answering negative polar questions in Italian [J].
Servidio, Emilio ;
Bocci, Giuliano ;
Bianchi, Valentina .
GLOSSA-A JOURNAL OF GENERAL LINGUISTICS, 2018, 3 (01)
[80]   Costs of Mandatory Periodic Audit Partner Rotation: Evidence from Audit Fees and Audit Timeliness [J].
Sharma, Divesh S. ;
Tanyi, Paul N. ;
Litt, Barri A. .
AUDITING-A JOURNAL OF PRACTICE & THEORY, 2017, 36 (01) :129-149
12345678910