Ex-Intrusion Corporate Cyber-Risk: Evidence from Internet Protocol Networks

Journal of Operational Risk (2021) Vol. 16, No. 3

37 Pages Posted: 20 Jul 2021 Last revised: 22 Nov 2021

See all articles by Bill B. Francis

Bill B. Francis

Rensselaer Polytechnic Institute (RPI) - Lally School of Management

Wenyao Hu

Saint Mary's University; Rensselaer Polytechnic Institute (RPI) - Department of Finance and Accounting

Thomas Shohfi

U.S. Securities and Exchange Commission

Multiple version iconThere are 2 versions of this paper

Date Written: March 26, 2021

Abstract

Previous event studies of corporate cyber-risk have been limited to successful attacks on public firms but are biased samples constructed based on the economic magnitude of equity losses. To address this selection bias, we construct a larger and more representative sample of cyber intrusions only to find diminished negative equity (and insignificant corporate bond) market reactions compared to these prior studies. To identify cyber-risk irrespective of observing successful attacks, we match public firms to Internet protocol (IP) network data from the American Registry for Internet Numbers (ARIN) from 1991 to 2017. We find that both stockholders and creditors incorporate external IP network size into firm value. Further, debt and equity market reactions to cyberattacks are mitigated for firms with registered IP networks and that have larger network deployments. Overall, our study demonstrates an important public data source that can help institutions proxy for and more accurately price firm cybersecurity risk.

Keywords: Bank Loans, Cyber-risk, Cybersecurity, Cyberattack, Event Study, Firm Risk, Hacking, Internet, Tobin’s Q

JEL Classification: D82, G14, G24, G32

Suggested Citation

Francis, Bill B. and Hu, Wenyao and Hu, Wenyao and Shohfi, Thomas, Ex-Intrusion Corporate Cyber-Risk: Evidence from Internet Protocol Networks (March 26, 2021). Journal of Operational Risk (2021) Vol. 16, No. 3, Available at SSRN: https://ssrn.com/abstract=3888988

Bill B. Francis

Rensselaer Polytechnic Institute (RPI) - Lally School of Management ( email )

Troy, NY 12180
United States

Wenyao Hu

Rensselaer Polytechnic Institute (RPI) - Department of Finance and Accounting ( email )

Pittsburg Building 2000
110, 8th street
Troy, NY 12180
United States

Saint Mary's University ( email )

923 Robie Street
Halifax, Nova Scotia B3H 3C3
Canada

HOME PAGE: http://wenyaohu.com

Thomas Shohfi (Contact Author)

U.S. Securities and Exchange Commission ( email )

Washington, DC
United States

HOME PAGE: http://shohfi.com/

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
150
Abstract Views
840
Rank
293,095
PlumX Metrics