On the economic impact of information security announcements: an event study analysis

Prof Doc Thesis


Ford, A. 2023. On the economic impact of information security announcements: an event study analysis. Prof Doc Thesis University of East London School of Architecture, Computing and Engineering https://doi.org/10.15123/uel.8vy57
AuthorsFord, A.
TypeProf Doc Thesis
Abstract

This research is concerned with the economic impact of information security events both unfavourable (data breaches and GDPR infringement fines) and favourable (CISO appointment announcements). Literature in this area was found to be sparse and with a strong US bias, therefore this study focusses on UK and European markets. Using event study methodology, the impact on share price of a hand-gathered (due to lack of a comprehensive breach database for Europe) dataset of 45 data breach announcements concerning UK/European publicly listed companies was analysed and only weak evidence was found of a negative impact overall, although the Spanish market showed a greater reaction. Regarding GDPR infringement fine announcements (25 examples), statistically significant CARs of -1% on average were observed over a three-day period. Spanish and Romanian markets were shown to be particularly reactive. Such a loss in market capitalisation was, in almost all cases, much greater than the monetary value of the fine itself, actually ca. 29,000 times greater on average. Announcements of CISO type role appointments (37 examples) showed an uplift in share price of around 0.8% on average over a three-day period before, during and after the announcement. The financial services sector was found to respond more positively (+1.8%) with statistical significance at the 1% level. As well as highlighting the benefits of transparency by publicly listed firms and disclosure regulations in early-adopter nations such as the US, the results of these studies should encourage firms to improve their cyber security postures overall to emulate highly regulated sectors such as financial services. A review of security investment strategies is also included for convenience, as well as pointers for future research. This research would be of benefit to business management, practitioners of cybersecurity, investors and shareholders, policy makers as well as researchers in cyber security or related fields.

Year2023
PublisherUniversity of East London
Digital Object Identifier (DOI)https://doi.org/10.15123/uel.8vy57
File
License
File Access Level
Anyone
Publication dates
Online26 Apr 2023
Publication process dates
Completed13 Apr 2023
Deposited26 Apr 2023
Copyright holder© 2023, The Author
Permalink -

https://repository.uel.ac.uk/item/8vy57

Download files


File
2023_DInfSec_Ford.pdf
License: CC BY-NC-ND 4.0
File access level: Anyone

  • 402
    total views
  • 486
    total downloads
  • 18
    views this month
  • 26
    downloads this month

Export as

Related outputs

The Impact of CISO Appointment Announcements on the Market Value of Firms
Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2022. The Impact of CISO Appointment Announcements on the Market Value of Firms. 17th International Conference on Cyber Warfare and Security (ICCWS 2022). Albany, New York, USA 17 - 18 Mar 2022 Academic Conferences International (ACI).
The Impact of Data Breach Announcements on Company Value in European Markets
Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2021. The Impact of Data Breach Announcements on Company Value in European Markets. WEIS 2021: The 20th Annual Workshop on the Economics of Information Security. 28 - 29 Jun 2021
The Impact of GDPR Infringement Fines on the Market Value of Firms
Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2021. The Impact of GDPR Infringement Fines on the Market Value of Firms. ECCWS 2021- Proceeding of the 20th European Conference on Cyber Warfare and Security. 24 - 25 Jun 2021 Academic Conferences International (ACI). https://doi.org/10.34190/EWS.21.088