PUBLIC DISCLOSURE OF INFORMATION SECURITY BREACH INCIDENTS: SHORT-TERM STOCK MARKET REACTION ON INDIAN LISTED FIRMS

Abstract

ABSTRACT Data breach incidents are growing by the day and firms struggle to detect, defend, and respond to such breaches. Nowadays, security breaches are considered one of the major concerns for corporate organizations around the world. Hence, it is essential to assess the impact of such breaches on organizations. This article reports stock price reaction due to public disclosure of information security breach (ISB) incidents on publicly traded firms of India. Using the event study methodology on a sample of 120 publicly announced ISB incidents between January 2004 and April 2019 pertaining to 69 publicly listed firms of India, we found that exposure to an ISB incident exacerbates negative stock price reactions based on both one-factor market model and Fama-French three-factor model. On average, breached firms lost 0.55% of their market value within two days post the announcement of ISB incidents. Further, we found some factors that significantly negatively impacted Cumulative Abnormal Return (CAR). Important emerging factors such as type of compromised data, sentiment, subjectivity, and remedial strategy significantly impact CAR. According to our study findings, we suggest that firms should mention remedial measures in terms of apology and/or compensation in the ISB disclosure. Furthermore, the result indicates that investors penalize listed firms for subsequent ISB incidents. Thus, our findings may guide Chief Information Officers (CIOs), information security managers, and IT managers of publicly traded firms to devise various strategies in terms of IT security measures and content of the ISB disclosure.