What is the Impact of Successful Cyberattacks on Target Firms?

Fisher College of Business Working Paper No. 2018-03-004

Charles A. Dice Working Paper No. 2018-03-04

59 Pages Posted: 7 Mar 2018 Last revised: 25 Jul 2018

See all articles by Shinichi Kamiya

Shinichi Kamiya

Nanyang Technological University (NTU) - Nanyang Business School

Jun-Koo Kang

Nanyang Technological University (NTU) - Nanyang Business School

Jungmin Kim

School of Accounting and Finance, Hong Kong Polytechnic University

Andreas Milidonis

University of Cyprus - Department of Accounting and Finance

René M. Stulz

Ohio State University (OSU) - Department of Finance; National Bureau of Economic Research (NBER); European Corporate Governance Institute (ECGI)

Multiple version iconThere are 2 versions of this paper

Date Written: July 25, 2018

Abstract

We examine which firms are targets of cyberattacks and how they are affected. We find that cyberattacks cause firms to reassess the risks that they are exposed to and their consequences, so that they have real effects on firm policies even when targets are not financially constrained. Cyberattacks are more likely to occur at more visible firms, firms with more intangible assets, and firms with less board attention to risk management. Attacks where personal financial information is appropriated are associated with a negative stock-market reaction, a decrease in sales growth for large firms and retail firms, an increase in leverage, a deterioration in financial health, and a decrease in investment in the short run. Firms further respond to cyberattacks by reducing CEO bonuses and risk-taking incentives and by strengthening their risk management.

Keywords: Cyber risk, Cyberattack, Hacking, Risk management, Firm value, Leverage, Compensation policy

JEL Classification: G14, G32, G34, G35

Suggested Citation

Kamiya, Shinichi and Kang, Jun-Koo and Kim, Jungmin and Milidonis, Andreas and Stulz, Rene M., What is the Impact of Successful Cyberattacks on Target Firms? (July 25, 2018). Fisher College of Business Working Paper No. 2018-03-004. Available at SSRN: https://ssrn.com/abstract=3135514 or http://dx.doi.org/10.2139/ssrn.3135514

Shinichi Kamiya

Nanyang Technological University (NTU) - Nanyang Business School ( email )

Singapore, 639798
Singapore

Jun-Koo Kang

Nanyang Technological University (NTU) - Nanyang Business School ( email )

Nanyang Avenue, Block S3-01b-54
Singapore, 639798
Singapore
(+65) 6790-5662 (Phone)
(+65) 6791-3697 (Fax)

HOME PAGE: http://www.nbs.ntu.edu.sg/nbs_corporate/divisions/bnf/index.asp

Jungmin Kim

School of Accounting and Finance, Hong Kong Polytechnic University ( email )

M757 Li Ka Shing Tower
Hung Hom, Kowloon
Hong Kong
852 2766 7061 (Phone)

Andreas Milidonis

University of Cyprus - Department of Accounting and Finance ( email )

P.O. Box 20537
Nicosia CY-1678
Cyprus
+357 22 893 626 (Phone)

HOME PAGE: http://www.ucy.ac.cy/~amilidon/

Rene M. Stulz (Contact Author)

Ohio State University (OSU) - Department of Finance ( email )

2100 Neil Avenue
Columbus, OH 43210-1144
United States

HOME PAGE: http://www.cob.ohio-state.edu/fin/faculty/stulz

National Bureau of Economic Research (NBER)

1050 Massachusetts Avenue
Cambridge, MA 02138
United States

European Corporate Governance Institute (ECGI)

c/o ECARES ULB CP 114
B-1050 Brussels
Belgium

Register to save articles to
your library

Register

Paper statistics

Downloads
686
rank
34,586
Abstract Views
2,374
PlumX Metrics