On the economic impact of information security announcements: an event study analysis
Prof Doc Thesis
Ford, A. 2023. On the economic impact of information security announcements: an event study analysis. Prof Doc Thesis University of East London School of Architecture, Computing and Engineering https://doi.org/10.15123/uel.8vy57
Authors | Ford, A. |
---|---|
Type | Prof Doc Thesis |
Abstract | This research is concerned with the economic impact of information security events both unfavourable (data breaches and GDPR infringement fines) and favourable (CISO appointment announcements). Literature in this area was found to be sparse and with a strong US bias, therefore this study focusses on UK and European markets. Using event study methodology, the impact on share price of a hand-gathered (due to lack of a comprehensive breach database for Europe) dataset of 45 data breach announcements concerning UK/European publicly listed companies was analysed and only weak evidence was found of a negative impact overall, although the Spanish market showed a greater reaction. Regarding GDPR infringement fine announcements (25 examples), statistically significant CARs of -1% on average were observed over a three-day period. Spanish and Romanian markets were shown to be particularly reactive. Such a loss in market capitalisation was, in almost all cases, much greater than the monetary value of the fine itself, actually ca. 29,000 times greater on average. Announcements of CISO type role appointments (37 examples) showed an uplift in share price of around 0.8% on average over a three-day period before, during and after the announcement. The financial services sector was found to respond more positively (+1.8%) with statistical significance at the 1% level. As well as highlighting the benefits of transparency by publicly listed firms and disclosure regulations in early-adopter nations such as the US, the results of these studies should encourage firms to improve their cyber security postures overall to emulate highly regulated sectors such as financial services. A review of security investment strategies is also included for convenience, as well as pointers for future research. This research would be of benefit to business management, practitioners of cybersecurity, investors and shareholders, policy makers as well as researchers in cyber security or related fields. |
Year | 2023 |
Publisher | University of East London |
Digital Object Identifier (DOI) | https://doi.org/10.15123/uel.8vy57 |
File | License File Access Level Anyone |
Publication dates | |
Online | 26 Apr 2023 |
Publication process dates | |
Completed | 13 Apr 2023 |
Deposited | 26 Apr 2023 |
Copyright holder | © 2023, The Author |
https://repository.uel.ac.uk/item/8vy57
Download files
402
total views486
total downloads18
views this month26
downloads this month