The relation between information security events and firm market value, empirical evidence on recent disclosures: An extension of the GLZ study

Today, organizations and governments worldwide spend every year on average, more than $1 trillion on IT investments. This is one of the reasons why, the protection of such high investments, in terms of value, has become so important to safeguard. During the past few years, there is an obvious shift in the posture of corporate governance, towards security issues. Nowadays, security breaches are considered to be one of the major concerns of government and corporate organizations around the globe. Our work, investigates the impact of information security incidents on the firm value, analyzing publicly announced data from various sources. We used the event study methodology to investigate the impact of security breaches on the firm value. The results of previous studies are mixed and in many occasions are not in accordance with theory, providing positive impact instead of the expected negative. Our work investigates security breaches on a relatively narrow and very recent time period attempting to cover the gap of other studies. Furthermore, along with the use of CAPM, we utilize the Fama- French threefactor model for the estimation of abnormal returns. The results, steaming from the use of that model suggest a negative statistically significant impact of security breaches. Moreover, the technology firms appear to suffer higher costs from security breaches than nontechnology firms. Finally, we provide a justification for the mixed results that the research community has reported in previous related studies. (C) 2014 Elsevier Ltd. All rights reserved.