Abstract
The growing threat of cyber breach has become one of the most feared risks corporations around the world are currently dealing with. This paper uses a methodology similar to Hogan, Olson, and Angelina (2020) to analyze global shareholder value effects of cyber breaches from 1990 to 2019 for five major non-US countries. Cumulative Average Returns (CARs) are calculated using the first notice date to periods of up to 90 days post-announcement to compare short-term and long-term effects of cyber breaches on the stock price. Results for this data set show significant negative returns for US corporations in all windows. Unlike its US counterparts, short-term results for non-US countries show no significant changes to price as a result of cyber breach announcements. Long-term results for the aggregate non-US sample show significance only at the (0,30) window. Individual country long-term analysis shows some significance depending on the event windows, but no common patterns are seen among countries. These results point to differences in how news of a cyber breach, by country, is perceived in the market. The results help explain some of the patterns insurance companies have seen in the reticent buying habits of global companies with respect to cyber insurance.
Highlights
According to Eling (2018), cyber risk, or information security in general, is a classic topic in IT research, relatively few researchers are currently analyzing the topic from a business or an economics perspective
Since cyber breaches are not exclusively a US phenomenon, this study looks at disentangling those events to determine differences that might exist between corporate country domains
Increases in cyber insurance purchases, coupled with changes in breach habits by bad actors who have moved into ransom ware as a popular method of breach, may have cut down the out of pocket direct and indirect costs to the firm as some of the costs have been transferred to the insurance industry
Summary
According to Eling (2018), cyber risk, or information security in general, is a classic topic in IT research, relatively few researchers are currently analyzing the topic from a business or an economics perspective. When looking at major non-US cyber events for firms who are traded on exchanges in the US, the short-term CARs for event windows spanning (-1 to 5) for all countries, regardless of aggregation of the data, do not show any significant cumulative abnormal price changes positive or negative to news of a cyber event, implying, that the market perceives the news of a cyber breach differently depending on the country of the domain. The current lack of short-term shareholder value changes and differing long-term patterns for non-US countries supports the historical lack in current global demand for cyber insurance products for countries outside the US, as observed by Eling and Wirfs (2019) and may point to possible shareholder value pattern changes in the future as those markets develop This points to areas of future research.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
