Journal of Society for e-Business Studies

This paper analyzes the impact of information breach on shareholder value by measuring the stock price reaction associated with the announcements of data breach. The breach firms in the sample lost, on average, 1.3% of their market value, amounting to 98.9 million won of loss within two-day of the event period after the announcement. We examine the abnormal returns in various categories (i.e., source, type, size, etc.) of information breach. Although the market does not react significantly to the announcements of outside breach, we find statistically significant market reactions to inside breach. We estimate abnormal returns over the following 60 days. The mean 60-day cumulative abnormal return and BHAR (buy-and-hold abnormal returns) are both significantly far from zero. We conclude that there is a coherent market reaction following the announcement. The difference between the market reactions to IT firms and Non-IT firms is statistically significant. But breach amount, firm size, and the year the breach occurred do not show to be significant variables. 

Barber, B. M. and Lyon, J. D., “Detecting long-run abnormal stock returns: the empirical power and specification of test-statistics,” Journal of Financial Economics, Vol. 43, pp. 341-372, 1997.

Beaver, W. H., “The Information Content of Annual Earnings Announcements,” Journal of Accounting Research, Vol. 6, pp. 67-92, 1968.

Brown, S. J. and Warner, J. B., “Using Daily Stock Returns：The Case of Event Studies,” Journal of Financial Economics, Vol. 14, pp. 3-31, 1985.

Cavusoglu, H., Mishra, B., and Raghunathan, S., “The effect of Internet security breach announcements on market value: capital market reactions for breached firms and Internet security developers,” International Journal of Electronic Commerce, Vol. 9, No. 1, pp. 69-104, 2004.

Ettredge, M. and Richardson, V. J., “Assessing the risk in e-commerce,” IEEE, 2002.

Fama, E. and French, K., “The cross-section of expected stock returns,” Journal of Finance, Vol. 47, No.2, pp. 427-465, 1992.

Garba, A. B., Armarego, J., Murray, D., and Kenworthy, W., “Review of the information security and privacy challenges in BYOD environments,” Journal of Information privacy and security, pp. 38-54, 2015.

Gordon, L. A. and Loeb, M. P., “Managing cyber-security resources: A cost-benefit analysis,” McGraw-Hill New York, Vol. 1, 2006.

Han, C. H., Chai, S. W., Yoo, B. J., Ahn, D. H., and Park, C. H., “A Quantitative Assessment Model of Private Information Breach,” The Journal of Society for e-Business Studies, Vol. 16, No. 4, pp.17-31, 2011.

Hendricks, K. B. and Singhal, V. R., “Does Implementing an Effective TQM Program Actually Improve Operating Performance?: Empirical Evidence from Firms that Have Won Quality,” Management Science, Vol. 43, No. 9, pp. 1258-1274, 1997.

Hendricks, K. B. and Singhal, V. R., “The effect of supply chain glitches on shareholder wealth,” Journal of Operations Management, Vol. 21, No. 5, pp. 501-522, 2003.

Hovav, A. and D’Arcy, J., “The impact of virus attack announcements on the market value of firms,” Information System Security, Vol. 13, No. 3, pp. 46-156, 2004.

Hovav, A. and Han, J. Y., “The Impact of Security Breach Announcements on the Stock Value of Companies in South Korea,” The Journal of Internet Electronic Commerce Research, Vol. 13, No. 3, pp. 43-67, 2013.

Information Shield Inc., “Privacy Breach Impact calculator,”(http://www.informationshield.com/privacybreachcalc.html).

Jeong, S. H. and Cho, H. S., “A study on frame transition of personal information leakage, 1984～2014: social network analysis approach,” Journal of Digital Convergence, 2014.

JNSA, “Information Security Incident Survey Report,” 2004.

Kannan, K., Rees, J., and Sridhar, S., “Market Reactions to Information Security Breach Announcements: An Empirical Analysis,” International Journal of Electronic Commerce, Vol. 12, No. 1, pp.69-91, 2007.

Kim, C. W. and Kim, K. Y., “Measuring Security Price Performance in Event Studies,” Korean Journal of Financial Studies, Vol. 20, No. 1, pp. 301-327, 1997.

Kim, J. Y., “Analyzing Effects on Firms’ Market Value of Personal Information Security Breach,” The Journal of Society for e-Business Studies, Vol. 18, No. 1, pp. 1-12, 2013.

Kothari, S. P. and Warner, J. B., “Measuring long-horizon security price performance,” Journal of Financial Economics, Vol. 43, pp. 301-339, 1997.

Kwon, H., Lee, E. J., Kim, T. S., and Jun, H. J., “Estimating Compensation for Personal Information Infringement in Korea Using Contingent Valuation Methods,” Journal of The Korea Institute of Information Security and Cryptology, Vol. 22, No. 2, pp. 367-377, 2012.

Kwon, Y. O. and Kim, B. D., “The Effect of Information Security Breach and Security Investment Announcement on the Market Value of Korean Firms,” Information Systems Review, Vol. 9, No. 1, pp. 105-120, 2007.

Nam, D. W., Park, J. W., Kim, M. K., Jo, H., and Kim, S. H., “A Study about Correlation Between Collective Intelligence On The Internet Stock Message Board And Stock Market,” Korea Internet Electronic Commerce Association, Vol. 12, No. 2, pp. 149-164, 2012.

Ponemon Institute, “Cost of Data Breach Study: Global Analysis,” 2005～2014.

Yoo, J. H., Jie, S. H., and Lim, J. I., “Estimating Direct Costs of Enterprises by Personal Information Security Breachs,” Journal of The Korea Institute of Information Security and Cryptology, Vol. 19, No. 4, pp. 63-75, 2009.