Cybercrime in Europe: surprising results of an expensive lapse

Abstract

Purpose The purpose of this paper is to investigate the impact of ransomware cyber-attacks “WannaCry” and “Petya” on stock prices of publicly traded companies in the European Union. The study analyses a set of case studies related to largest recent cybercrime events, which happened in the first half of 2017. The study answers two questions, what is the impact of cybercrime to public companies? How do cybercrime announcements and publications affect stock prices? Design/methodology/approach Using archival financial data, an event study methodology was used to assess the impact of cybercrime activity on market value of European companies affected during WannaCry and Petya ransomware attacks in 2017. Findings The results suggest that announcements of information breaches because of ransomware exploits have impact on stock market returns. There is evidence of positive investors` reactions to the announcements. Specifically, there was little impact of “Wannacry” ransomware attack on market returns. Although stock market reactions differ by the sector, the market was positively affected in general. Our analysis of the impact of the more aggressive “Petya attack,” aimed at destroying affected data found evidence that such information security breach leads to increased market returns. There were significant abnormal returns starting from the third day of the announcement. These findings contradict previous results and the literature related to the impact of cyber-attacks. Originality/value Contrary to previous findings, the results suggest that ransomware attacks lead to positive market returns. However, cybercrime and other types of cyber-attacks pose serious threats whose implications deserve further investigation. Different attacks may have different consequences and could be potentially damaging to a firm’s reputation. Thus, it is necessary for companies to avoid becoming victim of cybercrime. Information systems should be continuously monitored for vulnerabilities.