To read this content please select one of the options below:

The impact of repeated data breach events on organisations’ market value

Daniel Schatz (Thomson Reuters, London, UK)
Rabih Bashroush (Department of Architecture, Computing and Engineering, University of East London, London, UK)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 14 March 2016

2149

Abstract

Purpose

This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events.

Design/methodology/approach

An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time.

Findings

Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.

Research limitations/implications

One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information.

Practical implications

One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.

Originality/value

This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.

Keywords

Acknowledgements

The authors would like to thank the anonymous reviewers for their valuable input.

Citation

Schatz, D. and Bashroush, R. (2016), "The impact of repeated data breach events on organisations’ market value", Information and Computer Security, Vol. 24 No. 1, pp. 73-92. https://doi.org/10.1108/ICS-03-2014-0020

Publisher

:

Emerald Group Publishing Limited

Copyright © 2016, Emerald Group Publishing Limited

Related articles