Risk Management, Firm Reputation, and the Impact of Successful Cyberattacks on Target Firms

78 Pages. Posted: 7 Mar 2018. Last revised: 12 Aug 2019

Shinichi Kamiya

Nanyang Business School, Nanyang Technological University

Jun-Koo Kang

Nanyang Business School, Nanyang Technological University; European Corporate Governance Institute (ECGI)

Jungmin Kim

Faculty of Business, The Hong Kong Polytechnic University

Andreas Milidonis

University of Cyprus - Department of Accounting and Finance

René M. Stulz

Ohio State University (OSU) - Department of Finance; National Bureau of Economic Research (NBER); European Corporate Governance Institute (ECGI)

There are 2 versions of this paper

Date Written: July 25, 2019

Abstract

We develop a model where a firm has an optimal exposure to cyber risk. With rational, fully informed agents and with no hysteresis, a successful cyberattack should have no impact on a financially unconstrained target’s reputation and post-attack policies. In contrast, when a successful attack involves the loss of personal financial information, there is a significant shareholder wealth loss, which is much larger than the attack’s out-of-pocket costs. This excess loss is higher when the attack decreases sales growth more and lower when the board pays more attention to risk management before the attack. Further, an attack decreases a firm’s risk appetite as it beefs up its risk management and information technology and decreases the risk-taking incentives of management. Finally, successful cyberattacks adversely affect the stock price of firms in the target’s industry. These results imply that successful attacks with personal financial information loss provide adverse information about cyber risk to target firms, their stakeholders, and their competitors.

Keywords: Cyber risk, Cyberattack, Hacking, Risk management, Firm value, Leverage, Compensation policy

JEL Classification: G14, G32, G34, G35

Suggested Citation

Kamiya, Shinichi and Kang, Jun-Koo and Kim, Jungmin and Milidonis, Andreas and Stulz, Rene M., Risk Management, Firm Reputation, and the Impact of Successful Cyberattacks on Target Firms (July 25, 2019). Fisher College of Business Working Paper No. 2018-03-004, Charles A. Dice Working Paper No. 2018-03-04, Journal of Financial Economics (JFE), Forthcoming, Available at SSRN: https://ssrn.com/abstract=3135514 or http://dx.doi.org/10.2139/ssrn.3135514

Shinichi Kamiya

Nanyang Business School, Nanyang Technological University

Singapore, 639798
Singapore

Jun-Koo Kang

Nanyang Business School, Nanyang Technological University

Nanyang Avenue, Block S3-01b-54
Singapore, 639798
Singapore
(+65) 6790-5662 (Phone)
(+65) 6791-3697 (Fax)

HOME PAGE: http://www.nbs.ntu.edu.sg/nbs_corporate/divisions/bnf/index.asp

European Corporate Governance Institute (ECGI)

c/o the Royal Academies of Belgium
Rue Ducale 1 Hertogsstraat
1000 Brussels
Belgium

Jungmin Kim

Faculty of Business, The Hong Kong Polytechnic University

M757 Li Ka Shing Tower
Hung Hom, Kowloon
Hong Kong
852 2766 7061 (Phone)

Andreas Milidonis

University of Cyprus - Department of Accounting and Finance

P.O. Box 20537
Nicosia CY-1678
Cyprus
+357 22 893 626 (Phone)

HOME PAGE: http://www.ucy.ac.cy/~amilidon/

Rene M. Stulz (Contact Author)

Ohio State University (OSU) - Department of Finance

2100 Neil Avenue
Columbus, OH 43210-1144
United States

HOME PAGE: http://www.cob.ohio-state.edu/fin/faculty/stulz

National Bureau of Economic Research (NBER)

1050 Massachusetts Avenue
Cambridge, MA 02138
United States

European Corporate Governance Institute (ECGI)

c/o the Royal Academies of Belgium
Rue Ducale 1 Hertogsstraat
1000 Brussels
Belgium

Paper statistics

Downloads: 2,030
Abstract Views: 9,518
Rank: 14,925