Abstract

ABSTRACT Data breach incidents are growing by the day and firms struggle to detect, defend, and respond to such breaches. Nowadays, security breaches are considered one of the major concerns for corporate organizations around the world. Hence, it is essential to assess the impact of such breaches on organizations. This article reports stock price reaction due to public disclosure of information security breach (ISB) incidents on publicly traded firms of India. Using the event study methodology on a sample of 120 publicly announced ISB incidents between January 2004 and April 2019 pertaining to 69 publicly listed firms of India, we found that exposure to an ISB incident exacerbates negative stock price reactions based on both one-factor market model and Fama-French three-factor model. On average, breached firms lost 0.55% of their market value within two days post the announcement of ISB incidents. Further, we found some factors that significantly negatively impacted Cumulative Abnormal Return (CAR). Important emerging factors such as type of compromised data, sentiment, subjectivity, and remedial strategy significantly impact CAR. According to our study findings, we suggest that firms should mention remedial measures in terms of apology and/or compensation in the ISB disclosure. Furthermore, the result indicates that investors penalize listed firms for subsequent ISB incidents. Thus, our findings may guide Chief Information Officers (CIOs), information security managers, and IT managers of publicly traded firms to devise various strategies in terms of IT security measures and content of the ISB disclosure.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.