Prioritizing Investments in Cybersecurity: Empirical Evidence from an Event Study on the Determinants of Cyberattack Costs
arxiv(2024)
摘要
Along with the increasing frequency and severity of cyber incidents,
understanding their economic implications is paramount. In this context, listed
firms' reactions to cyber incidents are compelling to study since they (i) are
a good proxy to estimate the costs borne by other organizations, (ii) have a
critical position in the economy, and (iii) have their financial information
publicly available. We extract listed firms' cyber incident dates and
characteristics from newswire headlines. We use an event study over 2012–2022,
using a three-day window around events and standard benchmarks. We find that
the magnitude of abnormal returns around cyber incidents is on par with
previous studies using newswire or alternative data to identify cyber
incidents. Conversely, as we adjust the standard errors accounting for
event-induced variance and residual cross-correlation, we find that the
previously claimed significance of abnormal returns vanishes. Given these
results, we run a horse race of specifications, in which we test for the
marginal effects of type of cyber incidents, target firm sector, periods, and
their interactions. Data breaches are the most detrimental incident type with
an average loss of -1.3% or (USD -1.9 billion) over the last decade. The
health sector is the most sensitive to cyber incidents, with an average loss of
-5.21% (or USD -1.2 billion), and even more so when these are data breaches.
Instead, we cannot show any time-varying effect of cyber incidents or a
specific effect of the type of news as had previously been advocated.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要