A taxonomy for key escrow encryption systems
Communications of the ACM
Quality awards and the market value of the firm: an empirical investigation
Management Science
Balancing cooperation and risk in intrusion detection
ACM Transactions on Information and System Security (TISSEC)
The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
Managing the computer resource: a stage hypothesis
Communications of the ACM
The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
Information Systems Research
The Impact of E-Commerce Announcements on the Market Value of Firms
Information Systems Research
Journal of Computer Security - IFIP 2000
Is Information Security Under Control?: Investigating Quality in Information Security Management
IEEE Security and Privacy
International Journal of Electronic Commerce
Market Reactions to Information Security Breach Announcements: An Empirical Analysis
International Journal of Electronic Commerce
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Hi-index | 0.00 |
Despite all the research investigating the impact of data and information technology (IT) breaches to the market value of the breached firms, few studies explore the effects of breach events on the stock price of consulting firms that supplies the know-how and infrastructure to create, implement and maintain those information systems that were hacked. Information transfer theory and capital market expectation suggest that as more data breaches occur every year, investors, clients and customers may well look beyond the faults of the individual firms, and place some responsibility on the shoulders of these IT providers. In this study, we investigated a total of 83 breach events affecting a wide range of US firms in various industries in year 2006 and 2007. We found that the market value of the IT consulting firms is positively associated with the disclosure of IT security breaches. The IT consulting firms realized an average abnormal return of 4.01% during the 2-day period after the announcement. Using the event-study method and Ordinary Least Squares Regression to calculate and analyze these firms' abnormal returns, we found evidence that as the number of breached records increased, the IT consulting firms tended to suffer negative returns. In addition, the observed impact was more salient for breaches that affect technology intensive firms than retailing or other firms. In other words, generally speaking, the IT consulting firms have similar experiences with the attacked firms.