Investigating the Impact of Publicly Announced Information Security Breaches on Three Performance Indicators of the Breached Firms

This article examines the impact of information security breaches on organizational performance. Until now, there have been only a few empirical academic studies that have investigated this issue and they have investigated information security breaches with the focus on the short-term impact on the market value of the firm. This study offers an alternate approach to investigate this issue as it explores the impact of breaches on financial performance of the firm, one year after the breach. Using a “matched sampling” methodology, we explored the impact of each type of breach (i.e., confidentiality, integrity, and availability) and also by IT intensity and size. Our results suggest that the direction of the impact (i.e., positive, negative) is dependent on the type of security breaches and also the impact of IT intensive firms is different from non-IT intensive firms. Our study also includes some important implications for managers and stock market investors.

Download Full-text

The Impact of Information Security Events on the Stock Value of Firms: The Effect of Contingency Factors

Journal of Information Technology ◽

10.1057/jit.2010.4 ◽

2011 ◽

Vol 26 (1) ◽

pp. 60-77 ◽

Cited By ~ 52

Author(s):

Ali Alper Yayla ◽

Qing Hu

Keyword(s):

Information Security ◽

Stock Market ◽

Negative Impact ◽

Denial Of Service ◽

Future Research ◽

Event Analysis ◽

Market Reactions ◽

Security Breaches ◽

Stock Market Reactions ◽

The Impact

The stock market reactions to information technology (IT)-related events have often been used as proxies to the value or cost of these events in the information systems literature. In this paper, we study the stock market reactions to information-security-related events using the event analysis methodology with consideration of the effects of a number of contingency factors, including business type, industry, type of breach, event year, and length of event window. We found that pure e-commerce firms experienced higher negative market reactions than traditional bricks-and-mortar firms in the event of security breach. We also found that denial of service attacks had higher negative impact than other types of security breaches. Finally, security events occurred in recent years were found to have less significant impact than those occurred earlier, suggesting that investors may have become less sensitive to the security events. Most interestingly, our analyses showed that the magnitude and longevity of security breaches vary with time across sub-samples. This raises some serious questions regarding the validity of analyzing only short-term stock market reactions as an indicator of the cost of security breaches, and in general, an indicator of the value of IT-related events. The implications of these results are discussed and potential future research directions are proposed.

Download Full-text

Exploring relationship between sustainability and firm performance in travel and tourism industry: a global evidence

Social Responsibility Journal ◽

10.1108/srj-09-2020-0360 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Shernaz Bodhanwala ◽

Ruzbeh Bodhanwala

Keyword(s):

Stock Market ◽

Financial Performance ◽

Market Value ◽

Tourism Industry ◽

Content Type ◽

Sustainability Performance ◽

Travel And Tourism ◽

Stock Market Performance ◽

The Impact ◽

The Relationship

Purpose The study aims to investigate the relationship between aggregate and individual dimensions of sustainability and financial and stock market performances of the firms in the travel and tourism industry (TTI) across different geographies. Design/methodology/approach The sample under study consists of 146 firms belonging to TTI that have consistently obtained environmental, social and governance (ESG) rating over the period 2011–2017 as a part of Thomson Reuters Asset 4 ESG database. An empirical multivariate panel data model is developed to analyse the impact of sustainability (ESG) on firm profitability and market value within three tourism-related industries (transportation, hotel and leisure). Findings The study extends the existing literature by investigating the impact of each of the vital dimensions of sustainability performance – ESG – and examines how each dimension would affect financial performance and market value among firms within three tourism-related industries (transportation, hotel and leisure). Among the three tourism industries, hotel industry is observed to have the highest ESG compliance, followed by the transportation industry. Based on the agency and stakeholder theory, the authors hypothesized all ESG components to have significant positive effect on the financial and stock market performance; however, the results reveal that each dimension has different impact on financial performance and market value of firms in the tourism industry. Research limitations/implications The study could help firms in the travel and tourism industries to understand which of the dimension of ESG activities is significantly important for their financial and stock market performance. Originality/value The unique contribution of this study is that it considers wider definition of the term “Sustainability” and examines the relationship between financial and stock market performances of the firms and each component of ESG. This is one of the few studies at the global level that provides much needed evidence in the area of sustainability performance by the travel and tourism firms.

Download Full-text

The impact of repeated data breach events on organisations’ market value

Information and Computer Security ◽

10.1108/ics-03-2014-0020 ◽

2016 ◽

Vol 24 (1) ◽

pp. 73-92 ◽

Cited By ~ 14

Author(s):

Daniel Schatz ◽

Rabih Bashroush

Keyword(s):

Information Security ◽

Economic Impact ◽

Investment Decisions ◽

Market Value ◽

Current Data ◽

Published Data ◽

Content Type ◽

Security Breaches ◽

Short Period ◽

The Impact

Purpose – This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events. Design/methodology/approach – An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time. Findings – Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches. Research limitations/implications – One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information. Practical implications – One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives. Originality/value – This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.

Download Full-text

Forecasting the Impact of Information Security Breaches on Stock Market Returns and VaR Backtest

Journal of Mathematical Finance ◽

10.4236/jmf.2019.93024 ◽

2019 ◽

Vol 09 (03) ◽

pp. 402-454

Author(s):

Ilaria Colivicchi ◽

Riccardo Vignaroli

Keyword(s):

Information Security ◽

Stock Market ◽

Market Returns ◽

Stock Market Returns ◽

Security Breaches ◽

The Impact

Download Full-text

How Bad is it? – A Branching Activity Model to Estimate the Impact of Information Security Breaches

SSRN Electronic Journal ◽

10.2139/ssrn.2233075 ◽

2013 ◽

Cited By ~ 5

Author(s):

Russell Cameron Thomas ◽

Marcin Antkiewicz ◽

Patrick Florer ◽

Suzanne Widup ◽

Matthew Woodyard

Keyword(s):

Information Security ◽

Activity Model ◽

Security Breaches ◽

The Impact

Download Full-text

The Market Value and Reputational Effects from Lost Confidential Information

International Journal of Financial Management ◽

10.21863/ijfm/2015.5.4.020 ◽

2015 ◽

Vol 5 (4) ◽

Cited By ~ 2

Author(s):

Joseph K. Tanimura ◽

Eric W. Wehrly

Keyword(s):

Information Security ◽

Market Value ◽

Direct Costs ◽

Publicly Traded ◽

Confidential Information ◽

Publicly Traded Companies ◽

Security Breaches ◽

Customer Information ◽

Employee Information

According to many business publications, firms that experience information security breaches suffer substantial reputational penalties. This paper examines incidents in which confidential information, for a firms customers or employees, is stolen from or lost by publicly traded companies. Firms that experience such breaches suffer statistically significant losses in the market value of their equity. On the whole, the data indicate that these losses are of similar magnitudes to the direct costs. Thus, direct costs, and not reputational penalties, are the primary deterrents to information security breaches. Contrary to many published assertions, on average, firms that lose customer information do not suffer reputational penalties. However, when firms lose employee information, we find significant reputational penalties.

Download Full-text

Research on the Impact of Information Security Certification and Concealment onFinancial Performance

Journal of Global Information Management ◽

10.4018/jgim.20220801oa04 ◽

2022 ◽

Vol 30 (3) ◽

pp. 0-0

Keyword(s):

Information Security ◽

Financial Performance ◽

Positive Impact ◽

Rapid Development ◽

International Standards ◽

Corporate Decisions ◽

Using Data ◽

The Impact ◽

The Relationship ◽

Iso 27001

With the rapid development of information technology, information security has been gaining attention. The International Organization for Standardization (ISO) has issued international standards and technical reports related to information security, which are gradually being adopted by enterprises. This study analyzes the relationship between information security certification (ISO 27001) and corporate financial performance using data from Chinese publicly listed companies. The study focusses on the impact of corporate decisions such as whether to obtain certification, how long to hold certification, and whether to publicize information regarding certification. The results show that there is a positive correlation between ISO 27001 and financial performance. Moreover, the positive impact of ISO 27001 on financial performance gradually increases with time. In addition, choosing not to publicize ISO 27001 certification can negatively affect enterprise performance.

Download Full-text

Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security

Symmetry ◽

10.3390/sym12040664 ◽

2020 ◽

Vol 12 (4) ◽

pp. 664 ◽

Cited By ~ 4

Author(s):

Rajeev Kumar ◽

Abhishek Kumar Pandey ◽

Abdullah Baz ◽

Hosam Alhakami ◽

Wajdi Alhakami ◽

...

Keyword(s):

Decision Making ◽

Information Security ◽

Information Management ◽

Cyber Security ◽

Cyber Attacks ◽

Multi Criteria Decision Making ◽

Local Hospital ◽

Healthcare Information ◽

Security Breaches ◽

The Impact

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.

Download Full-text

The Impact of Strategy And Structure On The Organizational Performance of Restaurant Firms

Hospitality Education and Research Journal ◽

10.1177/109634808801200227 ◽

1988 ◽

Vol 12 (2) ◽

pp. 265-276 ◽

Cited By ~ 13

Author(s):

Eliza Ching-Yick Tse ◽

Michael D. Olsen

Keyword(s):

Organizational Structure ◽

Financial Performance ◽

Organizational Performance ◽

Positive Impact ◽

Strategy Implementation ◽

Management Literature ◽

Primary Means ◽

Restaurant Firms ◽

And Performance ◽

The Impact

There is an increased emphasis in the management literature on the use of strategic management as the primary means of adapting organizations to their changing environments. for firms in the maturing hospitality industry to survive and succeed, they will have to depend upon their ability to strategically align themselves with the turbulent environment and select appropriate strategies to create defendable competitive positions. Success in strategy implementation depends partly on a proper match between strategy and organizational structure and this match is expected to have a positive impact on financial performance. This study was conducted to explore the relationships among strategies of restaurant firms, their organizational structure and financial performance. The top management team in 296 American multi-unit restaurant firms were surveyed. Results regarding relationships posited among strategy, structure and performance are presented.

Download Full-text

Measuring the Impact of Learning Organization on Employee Retention, Competitive Advantage and Financial Performance in the BPO industry

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.c1112.1083s19 ◽

2019 ◽

Vol 8 (3S) ◽

pp. 546-553 ◽

Cited By ~ 1

Keyword(s):

Financial Performance ◽

Competitive Advantage ◽

Organizational Performance ◽

Learning Organization ◽

Employee Retention ◽

Mediating Effect ◽

Shared Service ◽

Organization Framework ◽

Knowledge Intensive ◽

The Impact

In knowledge intensive industries such as the Business process Outsourcing and the Offshoring or shared service centres, the approach to learning has a significant role to play in deriving competitive advantage from domain experts who have had exposure to multiple clients who may have had a presence across the globe. The organizational experience gathered over a period of time is most relevant when redesigning processes, leveraging automation and driving business impact through higher revenue for the clients. The BPO industry is at a point of inflection where retaining top performers to showcase deep domain expertise, access to technology and a learning culture can be a huge differentiator that influences client’s choice of vendor partners. The current paper provides a Learning organization framework and establishes a link with indicators of organizational performance – employee retention, competitive advantage and financial performance. A questionnaire survey of managers from the BPO sector in India has been conducted. The findings indicate a that a robust learning organization is critical to retaining talent and gaining competitive advantage both of which have a mediating effect on the financial performance of the organization. Conclusions have been drawn from the statistical analysis and implications for the industry have been recommended.

Download Full-text