A Comprehensive Analysis of Cyber Data Breaches and Their Resulting Effects on Shareholder Wealth

38 Pages Posted: 28 May 2020

See all articles by Karen M. Hogan

Karen M. Hogan

St. Joseph's University

Gerard T. Olson

Villanova University - School of Business

Michael Angelina

Saint Joseph's University

Date Written: February 2020

Abstract

Cyber Security data breaches are an evolving major risk that corporations, public and private alike, have to contend with as part of their risk management scenarios. Historically, studies evaluating shareholder ramifications of cyber data breaches have been limited by the lack of data available to the public regarding company specific cyber attack details. The few studies that have been done have been mainly limited to sample sizes of only 100 to 200 companies over various time frames with hand collected data. This study uses a comprehensive proprietary data set developed by Advisen Ltd., the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market, to develop a representative sample of almost four thousand separate cases of public companies from all over the world experiencing cyber data breaches during the period 1990 to 2019. Using events study methodology, our results analyze both short term and long term shareholder cumulative abnormal returns around the public first notice date. The results, using the overall sample, do support smaller studies that show significantly negative short run returns for event windows that range from -1 up to 5 days after announcement date. However, our results are lower than many of the original studies that find much higher negative returns with smaller data sets. Segmenting the sample by industry and type of data breach shows a mixture of short run negative results for industries like the highly targeted service companies, while finance companies show an over correction, which result in significant positive short run, returns for investors by day 3 and 5. Returns associated with cyber attacks involving either Personal Financial Information (PFI) or Personal Identity Information (PII) support short run negative returns that are significant, but data related to Personal Health Information (PHI) show a significant overcorrection of short run excess returns. Long term results of the entire sample show significantly negative results for up to 250 trading days from announcement date of up to -7.46%.

Suggested Citation

Hogan, Karen M. and Olson, Gerard T. and Angelina, Michael, A Comprehensive Analysis of Cyber Data Breaches and Their Resulting Effects on Shareholder Wealth (February 2020). Available at SSRN: https://ssrn.com/abstract=3589701 or http://dx.doi.org/10.2139/ssrn.3589701

Karen M. Hogan (Contact Author)

St. Joseph's University ( email )

5600 City Avenue
Philadelphia, PA 1913-1395
United States
610-660-1671 (Phone)
610-660-1986 (Fax)

Gerard T. Olson

Villanova University - School of Business ( email )

800 Lancaster Avenue
Villanova, PA 19085-1678
United States
610-519-4377 (Phone)

Michael Angelina

Saint Joseph's University ( email )

5600 City Avenue,
Philadelphia, PA 19131
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
693
Abstract Views
2,636
Rank
78,167
PlumX Metrics