The Effect of Data Breaches on Shareholder Wealth

Abstract

AbstractMany companies face the risk of a data breach exposing stored personal information of customers and employees. The frequency of such incidents has been increasing over time and can result in significant costs for the affected firm. This article examines the stock market's assessment of the cost of data breaches at publicly traded companies in which personal information such as customer and/or employee data are exposed. Using event study methodology on a sample of 77 events between the beginning of 2004 and the end of 2006, we find that the overall effect of a data breach on shareholder wealth is negative and statistically significant. Based on a cross‐sectional analysis of the cumulative abnormal returns, we find a negative association between market reaction and firms that are less forthcoming about the details of the breach. We also find that firms with higher market‐to‐book ratios experience greater negative abnormal returns associated with a data breach. Further, we find that firm size and subsidiary status mitigate the negative effect of a data breach on the firm's stock price and that the negative market reaction to a data breach is more significant in the most recent time periods of the sample.