What is the Impact of Successful Cyberattacks on Target Firms?
Charles A. Dice Working Paper No. 2018-03-04
59 Pages Posted: 7 Mar 2018 Last revised: 25 Jul 2018
Date Written: July 25, 2018
We examine which firms are targets of cyberattacks and how they are affected. We find that cyberattacks cause firms to reassess the risks that they are exposed to and their consequences, so that they have real effects on firm policies even when targets are not financially constrained. Cyberattacks are more likely to occur at more visible firms, firms with more intangible assets, and firms with less board attention to risk management. Attacks where personal financial information is appropriated are associated with a negative stock-market reaction, a decrease in sales growth for large firms and retail firms, an increase in leverage, a deterioration in financial health, and a decrease in investment in the short run. Firms further respond to cyberattacks by reducing CEO bonuses and risk-taking incentives and by strengthening their risk management.
Keywords: Cyber risk, Cyberattack, Hacking, Risk management, Firm value, Leverage, Compensation policy
JEL Classification: G14, G32, G34, G35
Suggested Citation: Suggested Citation