Communications of the Association for Information Systems


While unfortunate physical events result in a negative market reaction, cyber events rarely do. It is our contention that a security attack is a complex intervention that ripples through the attacked company’s ecosystem. Over time, new information about the incident is revealed which might change the trajectory of the effect. This study aims to understand the impact of a security breach on the attacked company, its ecosystem (e.g., consumers, vendors, banks, and hackers), and surrounding society. By utilizing a stakeholder analysis as a methodological framework, we found that, while some stakeholders are losers, other are winners. Our analysis also implies that, depending on subsequent events, the effect of a security breach on the attacked firm varies over time, suggesting a “wait and see” attitude by the market.