The impact of information security breaches: Has there been a downward shift in costs?

Abstract: By analyzing evidence of stock returns using a sophisticated market model over a long period and over two distinct and naturally arising sub-periods, this study helps resolve conflicting evidence from previous studies concerning the effect of information security breaches on market returns of firms. This study has three major findings. First, the impact of the broad class of information security breaches on stock market returns of firms is significant. Second, when breaches are classified by their primary effe… Show more

“…Specifically, companies face two types of expenditures concerning information assurance incidents [6]. One is the cost devoting to preventing virus from invading (immunization cost), and the other is the potential loss that stems from infection and remediation measures (infection loss).…”

“…Meanwhile, rumors, gossip or unverified information can also propagate in the network through the informational routes. It has been reported that information security breaches increased nearly 50% [6], and according to a recent survey by PwC, 93% of large organizations have suffered from breaches in 2011 [7]. Considering breaches, one of the commonly encountered threats currently, they may cause incidents such as system breakdowns, denial of services (DoS), data/infrastructure inaccessibility etc., leading to a remarkable amount of organizational expenses.…”

An approach to finding the cost-effective immunization targets for information assurance

“…Specifically, companies face two types of expenditures concerning information assurance incidents [6]. One is the cost devoting to preventing virus from invading (immunization cost), and the other is the potential loss that stems from infection and remediation measures (infection loss).…”

“…Meanwhile, rumors, gossip or unverified information can also propagate in the network through the informational routes. It has been reported that information security breaches increased nearly 50% [6], and according to a recent survey by PwC, 93% of large organizations have suffered from breaches in 2011 [7]. Considering breaches, one of the commonly encountered threats currently, they may cause incidents such as system breakdowns, denial of services (DoS), data/infrastructure inaccessibility etc., leading to a remarkable amount of organizational expenses.…”

An approach to finding the cost-effective immunization targets for information assurance

“…In recent years, economists have researched a number of empirical and theoretical aspects of data breaches, such as the effect of breaches on a firm's stock market price (Campbell et al, 2003;Cavusoglu et al, 2004;Acquisti et al, 2006;Kannan et al, 2007;Gordon et al, 2011), the effect of data breach disclosure laws on identity theft (Romanosky et al, 2011), and the conditions under which disclosure laws may reduce the social costs of these breaches (Romanosky et al, 2010). This work shows that while disclosure of a breach does appear to reduce identity theft, conclusive evidence of the impact on stock market price is unsettled.…”

Empirical Analysis of Data Breach Litigation

“…9 This optimal level of cybersecurity investment is illustrated in Figure 1, at the investment level of z * . Gordon and Loeb [1] were able to show that, for two broad classes of security breach probability functions, the optimal level would not exceed vL/e, or roughly 37% of the expected loss from a security breach, vL.…”

“…One method used in the cybersecurity economics literature is to measure the effect of the announcement of a cyber breach on the value of firm's stock. See, for example, [9]. the point, s(z,v) specifies a function that considers the productivity of different levels of cybersecurity investments and thus provides a revised measure of the probability of an information set's vulnerability after some level of investment in cybersecurity.…”

Investing in Cybersecurity: Insights from the Gordon-Loeb Model