Classification of security breaches and their impact on the market value of firms

While studies in other industries suggest that firm type, firm size, and time are important factors that explain the cross-sectional variations in abnormal stock market returns, studies in the area of IS security are inconclusive. In this study, we examine whether the characteristics of the incident (attacker type, attacker's objective, results of the attack, attack tools, and access type) influence the abnormal stock market return. Our results indicate that not all attacks have the same effect on the market value of companies. The results also help us create a taxonomy of attacks and identify the factors that the market views as detrimental to the organization. We found that certain attacker types, the result of the attack, the objective of the attacker, and the tools used for the attack have a significant impact on abnormal stock market returns, while the type of access obtained has a marginal effect on the market value of the firm.
