Analyzing Effects on Firms' Market Value of Personal Information Security Breaches

According to many business publications, firms that experience information security breaches suffer substantial reputational penalties. This paper examines incidents in which confidential information, for a firms customers or employees, is stolen from or lost by publicly traded companies. Firms that experience such breaches suffer statistically significant losses in the market value of their equity. On the whole, the data indicate that these losses are of similar magnitudes to the direct costs. Thus, direct costs, and not reputational penalties, are the primary deterrents to information security breaches. Contrary to many published assertions, on average, firms that lose customer information do not suffer reputational penalties. However, when firms lose employee information, we find significant reputational penalties.

Download Full-text

Implementing a Sound Public Information Security Program

Handbook of Research on Public Information Technology ◽

10.4018/978-1-59904-857-4.ch062 ◽

2008 ◽

pp. 689-698

Author(s):

Stephen K. Aikins

Keyword(s):

Information Security ◽

Homeland Security ◽

Critical Infrastructure ◽

Personal Information ◽

Effective Means ◽

Public Information ◽

Public Agency ◽

Mainstream Media ◽

Security Breaches ◽

Nature Of Information

The evolving nature of information security threats such as cybercrime, as well as the need to ensure the confidentiality and privacy of citizen information and to protect critical infrastructure call for effective information security management in the public sector. According to Evers (2006), the FBI (Federal Bureau of Investigation) estimates that cybercrime will cost businesses an estimated $67.2 billion per year. Citizens’ privacy and the security of their personal information have become issues of increasing concern as headlines of data security breaches and identity thefts abound in the mainstream media. For example, in 2005, 9.3 million U.S. citizens, about 4.25% of the population, were victims of identity theft and fraud, costing approximately $54.4 billion (Council of Better Business & Javelin Strategy & Research, 2006). E-government applications have made it easier for citizens to conduct business online with government agencies, although their trust in the ability of governments to keep that information private is low. Considering the amount of citizen information held by governments at all levels and the steps needed to address potential homeland-security and IT-related threats to critical infrastructure, the need for effective means of safeguarding public agency data has become an issue of paramount importance. In addition, the need to ensure integrity and availability of public information resources is crucial to many government operations. As a result, several states are recognizing the importance of information security and privacy in their state IT strategic plans (National Association of State Chief Information Security Officers [NASCIO], 2006).

Download Full-text

Investigating the Impact of Publicly Announced Information Security Breaches on Three Performance Indicators of the Breached Firms

Information Resources Management ◽

10.4018/978-1-61520-965-1.ch716 ◽

2010 ◽

pp. 2141-2162

Author(s):

Myung Ko ◽

Kweku-Muata Osei-Bryson ◽

Carlos Dorantes

Keyword(s):

Information Security ◽

Stock Market ◽

Financial Performance ◽

Organizational Performance ◽

Market Value ◽

Sampling Methodology ◽

Security Breaches ◽

Stock Market Investors ◽

One Year ◽

The Impact

This article examines the impact of information security breaches on organizational performance. Until now, there have been only a few empirical academic studies that have investigated this issue and they have investigated information security breaches with the focus on the short-term impact on the market value of the firm. This study offers an alternate approach to investigate this issue as it explores the impact of breaches on financial performance of the firm, one year after the breach. Using a “matched sampling” methodology, we explored the impact of each type of breach (i.e., confidentiality, integrity, and availability) and also by IT intensity and size. Our results suggest that the direction of the impact (i.e., positive, negative) is dependent on the type of security breaches and also the impact of IT intensive firms is different from non-IT intensive firms. Our study also includes some important implications for managers and stock market investors.

Download Full-text

The impact of repeated data breach events on organisations’ market value

Information and Computer Security ◽

10.1108/ics-03-2014-0020 ◽

2016 ◽

Vol 24 (1) ◽

pp. 73-92 ◽

Cited By ~ 14

Author(s):

Daniel Schatz ◽

Rabih Bashroush

Keyword(s):

Information Security ◽

Economic Impact ◽

Investment Decisions ◽

Market Value ◽

Current Data ◽

Published Data ◽

Content Type ◽

Security Breaches ◽

Short Period ◽

The Impact

Purpose – This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events. Design/methodology/approach – An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time. Findings – Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches. Research limitations/implications – One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information. Practical implications – One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives. Originality/value – This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.

Download Full-text

How Bad is it? – A Branching Activity Model to Estimate the Impact of Information Security Breaches

SSRN Electronic Journal ◽

10.2139/ssrn.2233075 ◽

2013 ◽

Cited By ~ 5

Author(s):

Russell Cameron Thomas ◽

Marcin Antkiewicz ◽

Patrick Florer ◽

Suzanne Widup ◽

Matthew Woodyard

Keyword(s):

Information Security ◽

Activity Model ◽

Security Breaches ◽

The Impact

Download Full-text

Research on Collaborative Governance Mechanism of Personal Information Security Chaos

Journal of Physics Conference Series ◽

10.1088/1742-6596/1648/3/032068 ◽

2020 ◽

Vol 1648 ◽

pp. 032068

Author(s):

Wei Xu ◽

Rong Wei

Keyword(s):

Information Security ◽

Personal Information ◽

Collaborative Governance ◽

Governance Mechanism

Download Full-text

3. Reporting of Information Security Breaches

Harboring Data ◽

10.1515/9780804772594-006 ◽

2020 ◽

pp. 50-63

Author(s):

Kim Zetter

Keyword(s):

Information Security ◽

Security Breaches

Download Full-text

Enhancing Personal Information Security on Android with a New Synchronization Scheme

2011 7th International Conference on Wireless Communications, Networking and Mobile Computing ◽

10.1109/wicom.2011.6040155 ◽

2011 ◽

Cited By ~ 2

Author(s):

Changhao Ai ◽

Jie Liu ◽

Chunxiao Fan ◽

Xiaoying Zhang ◽

Junwei Zou

Keyword(s):

Information Security ◽

Personal Information ◽

Synchronization Scheme

Download Full-text

Do Information Security Policies Reduce the Incidence of Security Breaches

Information Resources Management Journal ◽

10.4018/irmj.2005100102 ◽

2005 ◽

Vol 18 (4) ◽

pp. 21-39 ◽

Cited By ~ 37

Author(s):

Neil F. Doherty ◽

Heather Fulford

Keyword(s):

Information Security ◽

Security Policies ◽

Security Breaches

Download Full-text

Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security

Symmetry ◽

10.3390/sym12040664 ◽

2020 ◽

Vol 12 (4) ◽

pp. 664 ◽

Cited By ~ 4

Author(s):

Rajeev Kumar ◽

Abhishek Kumar Pandey ◽

Abdullah Baz ◽

Hosam Alhakami ◽

Wajdi Alhakami ◽

...

Keyword(s):

Decision Making ◽

Information Security ◽

Information Management ◽

Cyber Security ◽

Cyber Attacks ◽

Multi Criteria Decision Making ◽

Local Hospital ◽

Healthcare Information ◽

Security Breaches ◽

The Impact

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.

Download Full-text