Time-varying effects of cyberattacks on firm value
- PDF / 792,182 Bytes
- 36 Pages / 439.37 x 666.142 pts Page_size
- 80 Downloads / 217 Views
Time‑varying effects of cyberattacks on firm value Michael McShane1 · Trung Nguyen2 Received: 2 September 2019 / Accepted: 15 April 2020 © The Geneva Association 2020
Abstract This paper adds to research on the effect of cyber events on the attacked firm’s value in light of conflicting results from previous studies. Using 536 cyberattack announcements that occurred during the 2007–2016 period, the main goal is to investigate for changes in investor reaction over time as cyberattacks have become more frequent. Empirical evidence shows that cumulative abnormal returns of attacked firms were volatile earlier in the period, became increasingly negative, but have moderated recently. This paper proposes and discusses potential explanations for this observed U-shaped pattern over the 10-year period. The relation between stock market reaction and type of attack, type of data affected, type of perpetrator and various firm level characteristics is also examined. Keywords Cyberattacks · Cyber event study
Introduction Organisations have suffered from cyberattacks since the advent of the Internet, but these events have become increasingly frequent. The attacks become major news stories, such as the Home Depot, Target and Equifax data breaches, and the impact on shareholder value has been attracting more extensive investigation. Cyberattacks can affect “the confidentiality, availability, or integrity of information or information systems” (Biener et al. 2015). McAfee (2018) estimates that the 2017 costs of cybercrime were USD 175 billion in the U.S. (0.87% of GDP) and USD 608 billion worldwide (0.8% of GWP). At the firm level, the average cost for a U.S. organisation dealing with a cybercrime reached an estimated USD 21.22 million in 2017, up 22% * Michael McShane [email protected] Trung Nguyen [email protected] 1
Strome College of Business, Old Dominion University, 2026 Constant Hall, Norfolk, VA 23529, USA
2
College of Business, East Carolina University, Bate Building, 3132, Greenville, NC 27858, USA
Vol.:(0123456789)
M. McShane, T. Nguyen
from 2016 (Accenture 2017). With the rapid growth of data production and interconnected networks, the potential losses as a result of cyberattacks are expected to increase. In addition, companies can also suffer from severe loss of public trust and reputation damage due to widespread negative news stories related to cyber events. More importantly, the impact of a cyberattack is difficult to estimate. Cybersecurity and insurance are subject to complex information asymmetry, correlated loss and interdependent security issues (Biener et al. 2015; Eling 2018; Pooser et al. 2018; Shetty et al. 2018), making attacks difficult to prevent and problematic to adequately insure.1 With widespread interconnectivity, a single attacker can cause simultaneous losses for multiple organisations running similar software platforms (correlated losses) and infiltration can occur via trusted external entities, such as a supplier or subcontractor, regardless of the robustness of the organisation’s
Data Loading...
