Did IT consulting firms gain when their clients were breached?

Authors:
Jengchung V. Chen;Hung-Chih Li;David C. Yen;Kenneth Vincent Bata
Affiliations:
Institute of International Management, National Cheng Kung University, Taiwan;Department of Accountancy, National Cheng Kung University, Taiwan;Department of DSC & MIS, Miami University, Oxford, OH 45056, United States;Institute of International Management, National Cheng Kung University, Taiwan
Venue:
Computers in Human Behavior
Year:
2012

Citing 14
Cited 0

A taxonomy for key escrow encryption systems

Communications of the ACM
Quality awards and the market value of the firm: an empirical investigation

Management Science
Balancing cooperation and risk in intrusion detection

ACM Transactions on Information and System Security (TISSEC)
The base-rate fallacy and the difficulty of intrusion detection

ACM Transactions on Information and System Security (TISSEC)
Managing the computer resource: a stage hypothesis

Communications of the ACM
The economics of information security investment

ACM Transactions on Information and System Security (TISSEC)
Research Report: A Reexamination of IT Investment and the Market Value of the Firm--An Event Study Methodology

Information Systems Research
The Impact of E-Commerce Announcements on the Market Value of Firms

Information Systems Research
The economic cost of publicly announced information security breaches: empirical evidence from the stock market

Journal of Computer Security - IFIP 2000
Is Information Security Under Control?: Investigating Quality in Information Security Management

IEEE Security and Privacy
The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers

International Journal of Electronic Commerce
Market Reactions to Information Security Breach Announcements: An Empirical Analysis

International Journal of Electronic Commerce
On the Effectiveness of Privacy Breach Disclosure Legislation in Europe: Empirical Evidence from the US Stock Market

NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
How ethics can enhance organizational privacy: lessons from the choicepoint and TJX data breaches

MIS Quarterly

Quantified Score

Hi-index	0.00

Visualization

Abstract

Despite all the research investigating the impact of data and information technology (IT) breaches to the market value of the breached firms, few studies explore the effects of breach events on the stock price of consulting firms that supplies the know-how and infrastructure to create, implement and maintain those information systems that were hacked. Information transfer theory and capital market expectation suggest that as more data breaches occur every year, investors, clients and customers may well look beyond the faults of the individual firms, and place some responsibility on the shoulders of these IT providers. In this study, we investigated a total of 83 breach events affecting a wide range of US firms in various industries in year 2006 and 2007. We found that the market value of the IT consulting firms is positively associated with the disclosure of IT security breaches. The IT consulting firms realized an average abnormal return of 4.01% during the 2-day period after the announcement. Using the event-study method and Ordinary Least Squares Regression to calculate and analyze these firms' abnormal returns, we found evidence that as the number of breached records increased, the IT consulting firms tended to suffer negative returns. In addition, the observed impact was more salient for breaches that affect technology intensive firms than retailing or other firms. In other words, generally speaking, the IT consulting firms have similar experiences with the attacked firms.