Abstract

Over the years data breaches have become a status quo due to an attacker’s repeated ability to successfully infiltrate networks. 2015 was no stranger to these cases. Victims included millions of customers of Anthem, BlueCross BlueShield, Experian/T-Mobile, and Office of Personnel Management, all of whom lost confidential data. Needless to say, data breaches have a significant impact on the financial performance and reputation of firms. Collectively, the majority of the previous security studies on breach announcements have used event study methodology. These studies have focused on the change in market value of the company within a few days of the security breach announcements and concluded that there is a negative impact. But what is the impact of negative publicity due to a data breach on an organization’s reputation? How should that be gauged? In this study we compare the financial impact with the reputational damage of data breaches. We performed two event studies: an event study on stock prices and additionally a sentiment event study applied on social media data. In contrast to previous research, shareholders do not react negatively to data breach announcements, whereas the impact on reputation is statistically significant as negative.

Share

COinS