Publication: The Impact Of Repeated Data Breach Events On Organisations’ Market Value

Information and Computer Security has published one of my research papers on the impact of repeated data breaches on the market value of organisations.

Purpose
– This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events.

Design/methodology/approach
– An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time.

Findings
– Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.

Research limitations/implications
– One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information.

Practical implications
– One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.

Originality/value
– This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.

Schatz, Daniel and Bashroush, Rabih (2016) ‘The Impact Of Repeated Data Breach Events On Organisations’ Market Value’, Information and Computer Security, 24(1), pp. 73-92. (10.1108/ICS-03-2014-0020).