Stories
Slash Boxes
Comments

SoylentNews is people

Impact of Data Breaches on Corporations' Stock Values... None That Matters?

posted by Fnord666 on Friday February 16 2018, @11:19AM   Printer-friendly
from the ups-and-downs dept.

c0lo writes:

Picked this on Bruce Schneier's CRYPTO-GRAM latest issue, under the very terse description of

Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. The market isn't going to fix this. If we want better security, we need to regulate the market.

The "Long term implications..." link is paywalled, but there are two other recent(ish) academic papers linked.

The first one, "Market Implications of Data Breaches" by Russell Lange and Eric W. Burger (21 PDF pages, title page, ToC and references included). The "executive summary/key findings":

  • While the difference in stock price between the sampled breached companies and their peers was negative (-1.13%) in the first three days following announcement of a breach, by the 14th day the return difference had rebounded to +0.05%, and on average remained positive through the period assessed.
  • For the differences in the breached companies' betas and the beta of their peer sets, the differences in the means of 8 months pre-breach versus post-breach was not meaningful at 90, 180, and 360-day post-breach periods.
  • For the differences in the breached companies' beta correlations against the peer indices pre- and post-breach, the difference in the means of the rolling 60-day correlation 8 months pre-breach versus post-breach was not meaningful at 90, 180, and 360-day post-breach periods.
  • In regression analysis, use of the number of accessed records, date, data sensitivity, and malicious versus accidental leak as variables failed to yield an R2 greater than 16.15% for response variables of 3, 14, 60, and 90-day return differential, excess beta differential, and rolling beta correlation differential, indicating
    that the financial impact on breached companies was highly idiosyncratic.
  • Based on returns, the most impacted industries at the 3-day post-breach date were U.S Financial Services, Transportation, and Global Telecom.
    At the 90-day post-breach date, the 3 most impacted industries were U.S. Financial Services, U.S. Healthcare, and Global Telecom.

The second-linked FA, "How does cyber crime affect firms? The effect of information security breaches on stock returns", by Maria Cristina Arcuri, Marina Brogi and Gino
Gandolfi (Parma and Roma Universities):

This paper investigates the impact of information security breaches on stock returns.
Using event-study methodology, we provide empirical evidence on the effect of announcements of cyber attacks on
the market value of firms from 1995 to 2015.
We show that substantial negative market returns occur following announcements of cyber attacks. We find that financial entities often suffer greater negative effects than other companies. We also find that non-confidential cyber attacks are the most dangerous, especially for the financial sector.
Our results seem to show a link between cyber crime and insider trading.

Hang on, what's happening here? The first FA says "No long term effect on stocks", the second says "substantial negative market returns"? Well the second FA looks only on the short term - at most +10 days after the breach; but some of the findings are telling an interesting story. PDF-page-8, in the "Results" section:

The event windows (-5;5) and (-3;3) show mean CARs of -1.26% and -1.19% respectively. This means that significant negative market returns occur on the days prior to and after the announcement of information security breaches. Moreover, the official announcement of a cyber attack is often partly anticipated by a few days: the asymmetric event windows (-10;-1), (-5;-1) and (-3;-1) display a statistical significance at the
90% confidence level or above. Specifically, they show mean CARs of -1.08%, -0.87% and -0.90% respectively.
These results imply that cyber criminals are in fact implicated in insider trading.

Ummm... can we really exclude the scenario in which the upper-management hide the breach for some days to arrange their affairs and then announce the breach? Still insider-trading, but not necessary carried on by the hackers.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Impact of Data Breaches on Corporations' Stock Values... None That Matters? | Log In/Create an Account | Top | 26 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by fadrian on Friday February 16 2018, @03:51PM (4 children)

    by fadrian (3194) on Friday February 16 2018, @03:51PM (#638845) Homepage

    My God! It's something the free market doesn't fix. That should trigger the Libertarians!

    --
    That is all.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Friday February 16 2018, @04:00PM

    by Anonymous Coward on Friday February 16 2018, @04:00PM (#638854)

    The free market is working as intended. There is no problem to fix and so the market value of solutions to such non-problems is zero.

  • (Score: 5, Insightful) by GreatAuntAnesthesia on Friday February 16 2018, @04:56PM (1 child)

    by GreatAuntAnesthesia (3275) on Friday February 16 2018, @04:56PM (#638890) Journal

    You have it the wrong way round. The free market isn't there to "fix" things. It doesn't exist to serve humanity. Humanity exists to serve the market. We must offer it no resistance or impedance, we must immediately present whatever cruel sacrifice it demands, we must submit to its every whim and suffer its every tantrum, for The Market is pure and divine and all who worship The Market shall be SUPREMELY FREE FOREVER!!!!!1

    1 Only while stocks of supreme immortal freedom last. Offer may be withdrawn at any time, for any reason, especially if you happen to be poor. Market freedoms shall take precedence over all other freedoms. Free Markettm reserves the right to devolve into a monopolistic cartel, oligarchic dynasty or apocalyptic feudal dystopia without notice. Supreme immortal freedom may be granted in the form of relentless, grinding servitude to those more supremely, immortally free than you are.

    • (Score: 0) by Anonymous Coward on Friday February 16 2018, @06:58PM

      by Anonymous Coward on Friday February 16 2018, @06:58PM (#638944)

      This message brought to you by Libertarians for Liberty! May we all remain free to fuck each other over for eternity.

  • (Score: 0) by Anonymous Coward on Friday February 16 2018, @07:40PM

    by Anonymous Coward on Friday February 16 2018, @07:40PM (#638972)

    if people are not willing to pay for something in the market than thats the end of the story. if you want to take my money if you want to make me pay for something well maybe you have that power but it will not be a few market and you will do so by threat of violence (tax evasion = jail)

    such a fallacious statement. if people don't care about security enough to pay or change their purchasing habits and you disagree with that genuine expression of will all of a sudden its a market failure?

    what a joke!