On the economic impact of information security announcements: an event study analysis

Prof Doc Thesis

Ford, A. 2023. On the economic impact of information security announcements: an event study analysis. Prof Doc Thesis University of East London School of Architecture, Computing and Engineering https://doi.org/10.15123/uel.8vy57

Publication dates
Authors	Ford, A.
Type	Prof Doc Thesis
Abstract	This research is concerned with the economic impact of information security events both unfavourable (data breaches and GDPR infringement fines) and favourable (CISO appointment announcements). Literature in this area was found to be sparse and with a strong US bias, therefore this study focusses on UK and European markets. Using event study methodology, the impact on share price of a hand-gathered (due to lack of a comprehensive breach database for Europe) dataset of 45 data breach announcements concerning UK/European publicly listed companies was analysed and only weak evidence was found of a negative impact overall, although the Spanish market showed a greater reaction. Regarding GDPR infringement fine announcements (25 examples), statistically significant CARs of -1% on average were observed over a three-day period. Spanish and Romanian markets were shown to be particularly reactive. Such a loss in market capitalisation was, in almost all cases, much greater than the monetary value of the fine itself, actually ca. 29,000 times greater on average. Announcements of CISO type role appointments (37 examples) showed an uplift in share price of around 0.8% on average over a three-day period before, during and after the announcement. The financial services sector was found to respond more positively (+1.8%) with statistical significance at the 1% level. As well as highlighting the benefits of transparency by publicly listed firms and disclosure regulations in early-adopter nations such as the US, the results of these studies should encourage firms to improve their cyber security postures overall to emulate highly regulated sectors such as financial services. A review of security investment strategies is also included for convenience, as well as pointers for future research. This research would be of benefit to business management, practitioners of cybersecurity, investors and shareholders, policy makers as well as researchers in cyber security or related fields.
Year	2023
Publisher	University of East London
Digital Object Identifier (DOI)	https://doi.org/10.15123/uel.8vy57
File	2023_DInfSec_Ford.pdf License CC BY-NC-ND 4.0 File Access Level Anyone
Online	26 Apr 2023
Publication process dates
Completed	13 Apr 2023
Deposited	26 Apr 2023
Copyright holder	© 2023, The Author

Permalink -

https://repository.uel.ac.uk/item/8vy57

Download files

File

	2023_DInfSec_Ford.pdf
License: CC BY-NC-ND 4.0
File access level: Anyone

381
total views
444
total downloads
28
views this month
22
downloads this month

Export as

Related outputs

The Impact of CISO Appointment Announcements on the Market Value of Firms

Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2022. The Impact of CISO Appointment Announcements on the Market Value of Firms. 17th International Conference on Cyber Warfare and Security (ICCWS 2022). Albany, New York, USA 17 - 18 Mar 2022 Academic Conferences International (ACI).

The Impact of Data Breach Announcements on Company Value in European Markets

Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2021. The Impact of Data Breach Announcements on Company Value in European Markets. WEIS 2021: The 20th Annual Workshop on the Economics of Information Security. 28 - 29 Jun 2021

The Impact of GDPR Infringement Fines on the Market Value of Firms

Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2021. The Impact of GDPR Infringement Fines on the Market Value of Firms. ECCWS 2021- Proceeding of the 20th European Conference on Cyber Warfare and Security. 24 - 25 Jun 2021 Academic Conferences International (ACI). https://doi.org/10.34190/EWS.21.088