The effect of information security breaches on publicly listed companies’ business performance : Research about the impact of distinct information security breach types on stock market value of publicly listed companies

Abstract

The negative repercussions of cyber threats on business entities are substantial. However, the existing body of research on this topic presents contradictory or imprecise findings, impeding the establishment of a consensus on effective prevention or mitigation strategies. Compounding this issue is the lack of precision and standardization in measuring and categorizing information security breaches. This study aims to enhance our understanding of the direct and long-term impacts of information security breaches on business performance, specifically by utilizing a novel classification to measure differential impacts on the stock market value of publicly listed companies. To achieve this, the following research question is posed: What are the respective impacts of disruptive and exploitative information security breaches on the stock market value of publicly listed companies, and how do these impacts evolve over time? Drawing on prior research indicating the relevance of disruptive and exploitative characteristics in understanding the effects of information security breaches on victim companies, this study seeks to improve precision and standardization in breach measurement. To answer the research question, an extensive quantitative analysis is conducted using the Cyber Event Database from the University of Maryland and historical stock market data. The investigation focuses on identifying correlations between information security breaches and stock market responses. The findings reveal that information security breaches significantly harm business performance in the short- and long-term, particularly when breaches exhibit exploitative characteristics. Moreover, these adverse effects persist long after the occurrence of the breach. The outcomes of this research provide decision-makers with valuable insights to better comprehend, anticipate, and prepare for the persistent threats posed by information security breaches. Additionally, this study contributes to existing research by expanding upon previous works. Nevertheless, further research is warranted to gain a more comprehensive understanding of the intricate dynamics within cyberspace.