Time-varying effects of cyberattacks on firm value

McShane, Michael K.; Nguyen, Trung

doi:10.1057/s41288-020-00170-x

Cited by 12 publications

(13 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One way to classify and identify cyberattacks is whether they affect the “confidentiality, availability or integrity of information or information systems” (Biener et al, 2015). For example, data breach mainly affects confidentiality, denial of service and ransomware attacks involve availability of information, and website defacement reduces integrity, whereas phishing attacks might affect both confidentiality and integrity (McShane & Nguyen, 2020). Generally, an item is considered an identifiable asset when there are significantly negative consequences if the breached data are made publicly available, falsified, or no longer accessible.…”

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

“…Some event studies document significant negative shareholder reactions to cyber‐related incidents (e.g., Bose & Leung, 2014; Cavusoglu et al, 2004; Gatzlaff & McCullough, 2010; Higgs et al, 2016; Modi et al, 2015; Yayla & Hu, 2011), whereas others find insignificant evidence (e.g., Amir et al, 2018; Das et al, 2012; Hovav & D'Arcy, 2003; McShane & Nguyen, 2020). In addition, there is inconsistency with respect to the reported average market value loss (if any).…”

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

“…In particular, Gatzlaff and McCullough (2010) find that more recent cyber‐related incidents result in more negative shareholder reactions than attacks in an earlier period. In contrast, analyzing a comprehensive sample of cyberattacks over the 2007–2016 period, McShane and Nguyen (2020) report that the impact of cyberattacks on short‐term shareholder reactions over time follows a U‐shape curve. Possible explanations for the observed pattern include increased cybersecurity investments and cyber insurance usage, and/or investors becoming accustomed to the frequent occurrence of these cyber‐related events.…”

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

“…Compared with the substantial number of studies examining the impact of cybersecurity breaches on shareholder value in the short‐run, less attention has been devoted to their effect on firm long‐term performance (Kamiya et al, 2020; Ko & Dorantes, 2006; Lending et al, 2018; McShane & Nguyen, 2020; Morse et al, 2011). In general, there is some agreement among the mentioned papers that cyberattacks incur additional costs for targeted firms, which lowers their long‐term performance on average.…”

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

“…As discussed previously, risk analysis is an important step of the risk management process. There has been substantial work on determining the impact of cyberattacks on stock prices as described by McShane and Nguyen (2020) and Poyraz et al (2020) but not on the interaction of the risk analysis step with other parts of the ERM process. An interesting avenue for physical supply chain risk management researchers is to investigate if their work can be applied to the cyber supply chain risk, meaning the cyber risk that organizations face from their suppliers and vendors and termed interdependent security by Böhme and Schwartz (2010).…”

Section: Future Research: Gaps In Cyber Risk Researchmentioning

confidence: 99%

See 4 more Smart Citations

Cyber risk management: History and future research directions

McShane

Eling

Nguyen

2021

Risk Manage Insurance Review

Self Cite

View full text Add to dashboard Cite

Cybersecurity research started in the late 1960s and has continuously evolved under different names such as computer security and information security. This article briefly covers that history but will especially focus on the latest incarnation known as "cyber risk management," which includes both technical and economic/management dimensions. The main focus of the article is to review research on individual steps of the cyber risk management process and on the overall process to highlight gaps and determine research directions. Two main findings are that cyber risk is difficult to include in the overall enterprise risk management process and that a move toward cyber resilience is necessary to deal with such a complex risk. Both findings require a level of interdisciplinary collaboration that is currently lacking.

show abstract

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

Section: Future Research: Gaps In Cyber Risk Researchmentioning

confidence: 99%

See 3 more Smart Citations

Cyber risk management: History and future research directions

McShane

Eling

Nguyen

2021

Risk Manage Insurance Review

Self Cite

View full text Add to dashboard Cite

show abstract

Cyberattacks, cash conversion cycle, and corporate performance

Harris,

Nguyen

2023

J Corp Accounting Finance

Self Cite

View full text Add to dashboard Cite

This study examines the effect of working capital efficiency on the performance of firms that experience cyberattacks. We find robust evidence that an aggressive working capital policy improves the immediate and after‐market stock returns as well as the operating performance of firms that suffer an outside party or a malware hacker attack. Specifically, we document a negative relationship between announcement period abnormal returns and the industry‐adjusted cash conversion cycle, implying that investors react less favorably when breached firms have more conservative working capital policies. We also find a negative association between the cash cycle and long‐horizon buy‐and‐hold abnormal returns indicating that working capital efficacy has a protracted positive effect on stock performance after an attack. The cash conversion cycle is also negatively related to operating performance, as measured by industry‐adjusted market power, industry‐adjusted return on assets, and industry‐adjusted market‐to‐book ratio. In addition, we find that access to trade credit and the ability to delay payments made to suppliers (depicted via days’ payables outstanding) are the most important factors in helping breached firms mitigate the financial and operating costs of cyberattacks. Overall, our results are robust to endogeneity concerns and expand the literature on the firm‐level aspects of data breaches.

show abstract

Regulation of data breach publication: the case of US healthcare and the HITECH act

Bohn

Schiereck

2022

J Econ Finan

View full text Add to dashboard Cite

Data breaches continue to plague most industries but especially the healthcare sector. While previous studies have aimed at assessing the financial implications arising from data breaches, none of them focused on the healthcare sector. This study of market reactions following data breaches fills that gap. Federal disclosure requirements of data breaches within the healthcare sector allow for our comprehensive study. Using multivariate regression analysis, our findings show the high specificity with which investors react to the announcement of data breaches.

show abstract

Time-varying effects of cyberattacks on firm value

Cited by 12 publications

References 43 publications

Cyber risk management: History and future research directions

Cyber risk management: History and future research directions

Cyberattacks, cash conversion cycle, and corporate performance

Regulation of data breach publication: the case of US healthcare and the HITECH act

Contact Info

Product

Resources

About