Data security incidents are continually increasing; hackers, governments, and other actors increasingly attempt to gain unauthorized access to confidential data. Information Systems (IS) users are becoming more vulnerable to the risks of data breaches. Many stakeholders perceive cybersecurity incidents as indicators of firms' operational and technological internal deficiencies. Previous research has revealed that investors react negatively to data breaches, yet little is known about investors' reactions to material data security incidents. Using a sample of 232 data security incidents for 132 publicly traded companies in the United States, we applied an event study methodology to discern investors' reactions to material versus immaterial incidents. We also use multivariate regression and time-to-event analysis to examine what determines the degree of investors' reactions, considering several intervals around the event day. Our results show that investors perceive material data security incidents as a deficiency of breached companies in comparison to immaterial incidents.
Corrigendum to: do data breaches damage reputation? Evidence from 45 companies between 2002 and 2018
