Assessing the value of information technology (IT) security is challenging because of the difficulty of measuring the cost of security breaches. An event-study analysis, using market valuations, was used to assess the impact of security breaches on the market value of breached firms. The information-transfer effect of security breaches (i.e., their effect on the market value of firms that develop security technology) was also studied. The results show that announcing an Internet security breach is negatively associated with the market value of the announcing firm. The breached firms in the sample lost, on average, 2.1 percent of their market value within two days of the announcement--an average loss in market capitalization of $1.65 billion per breach. Firm type, firm size, and the year the breach occurred help explain the cross-sectional variations in abnormal returns produced by security breaches. The effects of security breaches are not restricted to the breached firms. The market value of security developers is positively associated with the disclosure of security breaches by other firms. The security developers in the sample realized an average abnormal return of 1.36 percent during the two-day period after the announcement--an average gain of $1.06 billion in two days. The study suggests that the cost of poor security is very high for investors.

rity, information technology security management, Internet security, security breach an-