Data Breach Announcements and Stock Market Reactions: A Matter of Timing?

Published Online:https://doi.org/10.1287/mnsc.2021.4264

References

  • Acquisti A, Brandimarte L, Loewenstein G (2015) Privacy and human behavior in the age of information. Sci. 347(6221):509–514.CrossrefGoogle Scholar
  • Acquisti A, Friedman A, Telang R (2006) Is there a cost to privacy breaches? An event study. Proc. 27th Internat. Conf. Inform. Systems (Association for Information Systems, Atlanta).Google Scholar
  • Agility PR Solutions (2020) Top 10 U.S. newspapers by circulation. Accessed September 10, 2020, https://www.agilitypr.com/resources/top-media-outlets/top-10-daily-american-newspapers/.Google Scholar
  • Angrist JD, Imbens GW, Rubin DB (1996) Identification of causal effects using instrumental variables. J. Amer. Statist. Assoc. 91(434):444–455.CrossrefGoogle Scholar
  • Bansal G (2019) Restoring trust after an insider breach: Both the genders matter—CEOs and users. J. Comput. Inform. Systems 61(1):11–29.CrossrefGoogle Scholar
  • Barber BM, Lyon JD (1997) Detecting long-run abnormal stock returns: The empirical power and specification of test statistics. J. Financial Econom. 43(3):341–372.CrossrefGoogle Scholar
  • Baum CF, Schaer ME, Stillman S (2007) Enhanced routines for instrumental variables/generalized method of moments estimation and testing. Stata J. 7(4):465–506.CrossrefGoogle Scholar
  • Beaver WH (1968) The information content of annual earnings announcements. J. Accounting Res. 6(1):67–92.CrossrefGoogle Scholar
  • Bisogni F (2016) Proving limits of state data breach notification laws: Is a federal law the most adequate solution? J. Inform. Policy 6:154–205.CrossrefGoogle Scholar
  • Borah A, Tellis GJ (2014) Make, buy, or ally? Choice of and payoff from announcements of alternate strategies for innovations. Marketing Sci. 33(1):114–133. LinkGoogle Scholar
  • Bose I, Leung ACM (2019) Adoption of identity theft countermeasures and its short-and long-term impact on firm value. MIS Quart. 43(1):313–327.CrossrefGoogle Scholar
  • Brown SJ, Warner JB (1985) Using daily stock returns: The case of event studies. J. Financial Econom. 14(1):3–31.CrossrefGoogle Scholar
  • Campbell K, Gordon LA, Loeb MP, Zhou L (2003) The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. J. Comput. Security 11(3):431–448.CrossrefGoogle Scholar
  • Caroll CE, McCombs ME (2003) Agenda setting effects of business news on the public’s images and opinions about major corporations. Corporate Reputation Rev. 6(1):36–46.CrossrefGoogle Scholar
  • Cavusoglu H, Mishra B, Raghunathan S (2004) The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. Internat. J. Electronic Commerce 9(1):69–104.CrossrefGoogle Scholar
  • Chambers AE, Penman SH (1984) Timeliness of reporting and the stock price reaction to earnings announcements. J. Accounting Res. 22(1):21–47.CrossrefGoogle Scholar
  • Da Z, Engelberg J, Gao P (2011) In search of attention. J. Finance 66(5):1461–1499.CrossrefGoogle Scholar
  • Damodaran A (1989) The weekend effect in information releases: A study of earnings and dividend announcements. Rev. Financial Stud. 2(4):607–623.CrossrefGoogle Scholar
  • deHaan E, Shevlin T, Thornock J (2015) Market (in)attention and the strategic scheduling and timing of earnings announcements. J. Accounting Econom. 60(1):36–55. CrossrefGoogle Scholar
  • DellaVigna S, Pollet JM (2009) Investor inattention and Friday earnings announcements. J. Finance 64(2):709–749.CrossrefGoogle Scholar
  • Doyle JT, Magilke MJ (2009) The timing of earnings announcements: An examination of the strategic disclosure hypothesis. Accounting Rev. 84(1):157–182.CrossrefGoogle Scholar
  • Durante R, Zhuravskaya E (2018) Attack when the world is not watching? US news and the Israeli-Palestinian conflict. J. Political Econom. 126(3):1085–1133.CrossrefGoogle Scholar
  • Eisensee T, Strömberg D (2007) News droughts, news floods, and US disaster relief. Quart. J. Econom. 122(2):693–728.CrossrefGoogle Scholar
  • Foerderer J (2020) Interfirm exchange and innovation in platform ecosystems: Evidence from Apple’s Worldwide Developers Conference. Management Sci. 66(10):4772–4787.LinkGoogle Scholar
  • Foerderer J, Kude T, Mithas S, Heinzl A (2018) Does platform owner’s entry crowd out innovation? Evidence from Google Photos. Inform. Systems Res. 29(2):444–460.LinkGoogle Scholar
  • Garz M, Sörensen J (2017) Politicians under investigation: The news media’s effect on the likelihood of resignation. J. Public Econom. 153(September):82–91.CrossrefGoogle Scholar
  • Gatzlaff KM, McCullough KA (2010) The effect of data breaches on shareholder wealth. Risk Management Insurance Rev. 13(1):61–83.CrossrefGoogle Scholar
  • Goel S, Shawky HA (2009) Estimating the market impact of security breach announcements on firm values. Inform. Management 46(7):404–410.CrossrefGoogle Scholar
  • Goldstein J, Chernobai A, Benaroch M (2011) An event study analysis of the economic impact of IT operational risk and its subcategories. J. Assoc. Inform. Systems 12(9):606–631.Google Scholar
  • Goode S, Hoehle H, Venkatesh V, Brown SA (2017) User compensation as data breach recovery action: An investigation of the Sony PlayStation network breach. MIS Quart. 41(3):703–727.CrossrefGoogle Scholar
  • Graham JR, Harvey CR, Rajgopal S (2005) The economic implications of corporate finance reporting. J. Accounting Econom. 40(1–3):3–73.CrossrefGoogle Scholar
  • Greene WH (2012) Econometric Analysis, 7th ed. (Pearson Education, Upper Saddle River, NJ).Google Scholar
  • Grewal J, Riedl EJ, Serafeim G (2019) Market reaction to mandatory nonfinancial disclosure. Management Sci. 65(7):3061–3084. LinkGoogle Scholar
  • Gwebu KL, Wang J, Wang L (2018) The role of corporate reputation and crisis response strategies in data breach management. J. Management Inform. Systems 35(2):683–714.CrossrefGoogle Scholar
  • Han K, Mithas S (2013) Information technology outsourcing and non-IT operating costs: An empirical investigation. MIS Quart. 37(1):315–331.CrossrefGoogle Scholar
  • Hirshleifer D, Lim SS, Theo SH (2009) Driven to distraction: Extraneous events and underreaction to earning news. J. Finance 64(5):2289–2325.CrossrefGoogle Scholar
  • Hong H, Stein JC (1999) A unified theory of underreaction, momentum trading, and overreaction in asset markets. J. Finance 54(6):2143–2184.CrossrefGoogle Scholar
  • Identity Theft Resource Center (ITRC) (2019) 2019 end-of-year data breach report. Accessed September 10, 2020, https://www.idtheftcenter.org/wp-content/uploads/2020/01/01.28.2020_ITRC_2019-End-of-Year-Data-Breach-Report_FINAL_Highres-Appendix.pdf.Google Scholar
  • Identity Theft Resource Center (ITRC) (2020) 2020 year in review data breach report. Accessed February 8, 2021, https://notified.idtheftcenter.org.Google Scholar
  • Ingram M (2018) Are we all suffering from data breach fatigue? Columbia Journalism Rev. (October 3), https://www.cjr.org/the_media_today/facebook-data-breach.php.Google Scholar
  • IT Governance (2019) Data breach notification laws by state: Compliance. Accessed August 30, 2019, https://www.itgovernanceusa.com/data-breach-notification-laws#C1.Google Scholar
  • Kaniel R, Parham R (2017) WSJ Category Kings—The impact of media attention on consumer and mutual fund investment decisions. J. Financial Econom. 123(2):337–356.CrossrefGoogle Scholar
  • Kannan K, Rees J, Sridhar S (2007) Market reactions to information security breach announcements: An empirical analysis. Internat. J. Electronic Commerce 12(1):69–91.CrossrefGoogle Scholar
  • Ko M, Dorantes C (2006) The impact of information security breaches on financial performance of the breached firms: An empirical investigation. J. Inform. Tech. Management 17(2):13–22.Google Scholar
  • Kohli R, Devaraj S, Ow TT (2012) Does information technology investment influence a firm’s market value? A case of non-publicly traded healthcare firms. MIS Quart. 36(4):1145–1163.CrossrefGoogle Scholar
  • Kothari S, Warner JB (1997) Measuring long-horizon security price performance. J. Financial Econom. 43(3):301–339.CrossrefGoogle Scholar
  • Kvochko E, Pant R (2015) Why data breaches don’t hurt stock prices. Harvard Bus. Rev. (March 31), https://hbr.org/2015/03/why-data-breaches-dont-hurt-stock-prices.Google Scholar
  • Kwon J, Johnson ME (2015) The market effect of healthcare security: Do patients care about data breaches? Workshop on the Economics of Information Security (WEIS), www.econinfosec.org/archive/weis2015/papers/WEIS_2015_kwon.pdf.Google Scholar
  • Laube S, Böhme R (2016) The economics of mandatory security breach reporting to authorities. J. Cybersecurity 2(1):29–41.CrossrefGoogle Scholar
  • Lin M, Lucas HC Jr, Shmueli G (2013) Too big to fail: Large samples and the p-value problem. Inform. Systems Res. 24(4):906–917.LinkGoogle Scholar
  • Malhotra A, Malhotra CK (2011) Evaluating customer information breaches as service failures: An event study approach. J. Service Res. 14(14):44–59.CrossrefGoogle Scholar
  • Mani D, Barua A, Whinston AB (2013) Outsourcing contracts and equity prices. Inform. Systems Res. 24(4):1028–1049.LinkGoogle Scholar
  • Martin KD, Borah A, Palmatier RW (2017) Data privacy: Effects on customer and firm performance. J. Marketing 81(1):36–58.CrossrefGoogle Scholar
  • McCombs ME, Shaw DL (1972) The agenda-setting function of mass media. Public Opinion Quart. 36(2):176–187.CrossrefGoogle Scholar
  • McCombs ME, Shaw DL (1993) The evolution of agenda-setting research: Twenty-five years in the marketplace of ideas. J. Comm. 43(2):58–67.CrossrefGoogle Scholar
  • Michaely R, Rubin A (2016) Are Friday announcements special? Overcoming selection bias. J. Financial Econom. 122(1):65–85.CrossrefGoogle Scholar
  • Michaely R, Rubin A, Vedrashko A (2014) Corporate governance and the timing of earning announcements. Rev. Finance 18(6):2003–2044.CrossrefGoogle Scholar
  • Miller AR, Tucker C (2009) Privacy protection and technology diffusion: The case of electronic medical records. Management Sci. 55(7):1077–1093.LinkGoogle Scholar
  • Mitra S, Ransbotham S (2015) Information disclosure and the diffusion of information security attacks. Inform. Systems Res. 26(3):565–584.LinkGoogle Scholar
  • Morse EA, Raval V, Wingender JRJ (2011) Market price effects of data security breaches. Inform. Security J. 20(6):263–273.Google Scholar
  • Park S (2019) Why information security law has been ineffective in addressing security vulnerabilities: Evidence from California data breach notifications and relevant court and government records. Internat. Rev. Law Econom. 58(June):132–145.CrossrefGoogle Scholar
  • Patell JM, Wolfson MA (1982) Good news, bad news, and the intraday timing of corporate disclosures. Accounting Rev. 57(3):509–527.Google Scholar
  • Romanosky S, Hoffman D, Acquisti A (2014) Empirical analysis of data breach litigation. J. Empirical Legal Stud. 11(1):74–104. CrossrefGoogle Scholar
  • Romanosky S, Telang R, Acquisti A (2011) Do data breach disclosure laws reduce identity theft? J. Policy Anal. Management 30(2):256–286.CrossrefGoogle Scholar
  • Schwartz PM, Janger EJ (2007) Notification of data security breaches. Michigan Law Rev. 105(58):913–985.Google Scholar
  • Sorescu A, Warren N, Ertekin L (2017) Event study methodology in the marketing literature: An overview. J. Acad. Marketing Sci. 45(2):186–207.CrossrefGoogle Scholar
  • Spanos G, Angelis L (2016) The impact of information security events to the stock market: A systematic literature review. Comput. Security 58(May):216–229.CrossrefGoogle Scholar
  • Stock J, Yogo M (2005) Asymptotic distributions of instrumental variables statistics with many instruments. Andrews DWK, Stock JH, eds. Identification and Inference for Econometric Models: Essays in Honor of Thomas Rothenberg (Cambridge University Press, New York), 109–120.CrossrefGoogle Scholar
  • Telang R, Wattal S (2007) An empirical analysis of the impact of software vulnerability announcements on firm stock price. IEEE Trans. Software Engrg. 33(8):544–557.CrossrefGoogle Scholar
  • Weaver DH (2007) Thoughts on agenda setting, framing, and priming. J. Comm. 57(1):142–147.CrossrefGoogle Scholar
  • Zou Y, Mhaidli AH, McCall A, Schaub F (2018) “I’ve got nothing to lose”: Consumers’ risk perceptions and protective actions after the Equifax data breach. USENIX Symposium on Usable Privacy and Security (SOUPS), Baltimore, MD, 197–216.Google Scholar
  • Zou Y, Danino S, Sun K, Schaub F (2019) You “might” be affected: An empirical analysis of readability and usability issues in data breach notifications. CHI 2019, Glasgow, Scotland, UK, 1–9.Google Scholar
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.