The impact of repeated data breach events on organisations’ market value
Abstract
Purpose
This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events.
Design/methodology/approach
An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time.
Findings
Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.
Research limitations/implications
One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information.
Practical implications
One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.
Originality/value
This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.
Keywords
Acknowledgements
The authors would like to thank the anonymous reviewers for their valuable input.
Citation
Schatz, D. and Bashroush, R. (2016), "The impact of repeated data breach events on organisations’ market value", Information and Computer Security, Vol. 24 No. 1, pp. 73-92. https://doi.org/10.1108/ICS-03-2014-0020
Publisher
:Emerald Group Publishing Limited
Copyright © 2016, Emerald Group Publishing Limited