Financial Impact of Information Security Breaches on Breached Firms and their Non-Breached Competitors

Information security breaches pose a growing threat to organizations and individuals, particularly those that are heavily involved in e-business/e-commerce. An information security breach can have wide-ranging impacts, including influencing the behaviors of competitors and vice versa within the context of a competitive marketplace. Therefore, there is a need for further exploration of implications of information security breaches beyond the focus of the breached firm. This study investigates the financial impact of publicly announced information security breaches on breached firms and their non-breached competitors. While controlling for size and the industry the firm operates in, the authors focus on specific types of information security breaches (Denial of Service, Website Defacement, Data Theft, and Data Corruption). Unlike previous studies that have used event study methodology, the authors investigate information transfer effects that result from information security breaches using the matched sampling method. The study reveals statistically significant evidence of the presence of intra-industry information transfer for some types of security breaches. The authors also found evidence of contagion effects, but no similar evidence concerning competition effect.