Purpose
The study uses cyberattacks announcements on 96 firms that are listed on S&P 500 over the period from January 03, 2013, to December 29, 2017.
Design/methodology/approach
The empirical analysis was performed in two ways: cross-section and industry level. The authors use statistical tests that account for the effects of cross-section correlation in returns, returns series correlation, volatility changes and skewness in the returns.
Findings
These imply that studying the cumulative effects of cyberattacks on prices of listed firms without grouping them into the various sectors may be non-informative; financial sector firms tend to react cumulatively to cyberattacks over a three-day period than other sectors; and technology firms tend to be less reactive to the announcement of a data breach. Such firms may possibly have the necessary tools and techniques to address large-scale cyberattacks.
Research limitations/implications
For cross-section analysis, the outcome shows that the market does not significantly react to cyberattacks for all the event windows, except [−30, 30], while for the sector-level analysis, the analysis offers two main results.
Practical implications
First, while there is a firm reaction to cyberattacks for long event window for retail sector, there is no evidence of a cumulative firm reaction to cyberattacks for both short and long event windows for the industrial, information technology and health sectors. Second, the firms in the financial sector, there is a strong evidence of cumulative reaction to cyberattacks for [−1, 1] for the financial industry, and the reactions disappear for relatively longer event windows.
Social implications
These imply that studying the cumulative effects of cyberattacks on prices of listed firms without grouping them into the various sectors may be non-informative, the financial sector firms tend to react cumulatively to cyberattacks over a three-day period than other sectors, technology firms tend to be less reactive to the announcement of a data breach, possibly such firms may have the necessary tools and techniques to address large-scale cyberattacks.
Originality/value
The work provides new insights into the effect of cyber security on stock prices.