Abstract
Concurrent with the increase in organizations’ reliance on IT systems for conducting business with their consumers and partners, there have been increases in the risk and instances of security breaches of IT systems. As a result, a large body of research has been conducted to study the financial consequences of such security breaches in general and stock market reactions using the event study methodology in particular. Notwithstanding the significant contributions of the extant studies on the topic, inconsistencies could be observed about the existence and magnitude of shareholders’ reactions to announcements of security breaches by firms. As such, this paper addresses this gap through a meta-analysis of 63 studies (with a total of 20,936 instances of security breach announcements). The results suggest that a significant relationship exists between announcements of security breach and a drop in the experiencing firms’ stock returns. In addition, this relationship is impacted by the type of security breach, time of the security breach event, the country in which the experiencing firms operate, and the size of those firms.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
References
Acquisti, A., Friedman, A., & Telang, R. (2006). Is there a cost to privacy breaches? An event study. Twenty-Seventh International Conference on Information Systems. Milwaukee, Wisconsin.
Aggarwal, N., Dai, Q., & Walden, E. A. (2012). Are open standards good business? Electronic Markets, 22(1), 63–68. https://doi.org/10.1007/s12525-011-0078-7.
Agrawal, M., Kishore, R., & Rao, H. R. (2006). Market reactions to e-business outsourcing announcements: An event study. Information & Management, 43(7), 861–873. https://doi.org/10.1016/j.im.2006.08.002.
Allouche, J., & Laroche, P. (2005). A meta-analytical investigation of the relationship between corporate social and financial performance. Revue De Gestion desRessources Humaines, 57(1), 8–41. https://hal.archives-ouvertes.fr/hal-00923906.
Anthony, J. H., Choi, W., & Grabski, S. (2006). Market reaction to e-commerce impairments evidenced by website outages. International Journal of Accounting Information Systems, 7(2), 60–78. https://doi.org/10.1016/j.accinf.2005.10.002.
Arctic Wolf. (2020). The Fascinating Decade in Cybercrime: 2010 to 2020 [online]. Available from: https://arcticwolf.com/resources/blog/decade-of-cybercrime [Accessed 20 Jul 2021]
Arcuri, M. C., Brogi, M., & Gandolfi, G. (2017). How does cyber crime affect firms? The effect of information security breaches on stock returns. First Italian Conference on Cybersecurity (ITASEC17). Venice, Italy, 175–193.
Arcuri, M. C., Gai, L., Ielasi, F., & Ventisette, E. (2020). Cyber attacks on hospitality sector: Stock market reaction. Journal of Hospitality and Tourism Technology, 11(2), 277–290. https://doi.org/10.1108/JHTT-05-2019-0080.
Aytes, K., Byers, S., & Santhanakrishnan, M. (2006). The economic impact of information security breaches: Firm value and intra-industry effects. 12th Americas Conference on Information Systems. Acapulco, Mexico.
Bagchi, K., & Udo, G. (2003). An analysis of the growth of computer and Internet security breaches. Communications of the Association for Information Systems, 12, 684–700. https://doi.org/10.17705/1CAIS.01246.
Bahli, B., & Rivard, S. (2003). The information technology outsourcing risk: A transaction cost and agency theory-based perspective. Journal of Information Technology, 18(3), 211–221. https://doi.org/10.1080/0268396032000130214.
Balasubramanian, S. K., Mathur, I., & Thakur, R. (2005). The impact of high-quality firm achievements on shareholder value: Focus on Malcolm Baldrige and JD Power and Associates awards. Journal of the Academy of Marketing Science, 33(4), 413–422. https://doi.org/10.1177/0092070305277691.
Banz, R. W. (1981). The relationship between return and market value of common stocks. Journal of Financial Economics, 9(1), 3–18. https://doi.org/10.1016/0304-405X(81)90018-0.
Benaroch, M., & Chernobai, A. (2017). Operational IT failures, IT value-destruction, and board-level IT governance changes. MIS Quarterly, 41(3), 729–762. https://doi.org/10.25300/MISQ/2017/41.3.04.
Biswas, B., & Mukhopadhyay, A. (2018). G-RAM framework for software risk assessment and mitigation strategies in organisations. Journal of Enterprise Information Management, 31(2), 276–299. https://doi.org/10.1108/JEIM-05-2017-0069.
Bitomsky, L., Bürger, O., Häckel, B., & Töppel, J. (2020). Value of data meets IT security–assessing IT security risks in data-driven value chains. Electronic Markets, 30(3), 1–17. https://doi.org/10.1007/s12525-019-00383-6.
Blume, B. D., Ford, J. K., Baldwin, T. T., & Huang, J. L. (2010). Transfer of training: A meta-analytic review. Journal of Management, 36(4), 1065–1105. https://doi.org/10.1177/0149206309352880.
Boehmer, E., Masumeci, J., & Poulsen, A. B. (1991). Event-study methodology under conditions of event-induced variance. Journal of Financial Economics, 30(2), 253–272. https://doi.org/10.1016/0304-405X(91)90032-F.
Bolster, P., Pantalone, C. H., & Trahan, E. A. (2010). Security breaches and firm value. Journal of Business Valuation and Economic Loss Analysis, 5(1), 1–13. https://doi.org/10.2202/1932-9156.1081.
Bose, I., & Leung, A. C. M. (2014). Do phishing alerts impact global corporations? A firm value analysis. Decision Support Systems, 64, 67–78. https://doi.org/10.1016/j.dss.2014.04.006.
Burke, J. J. A. (2009). Re-examining investor protection in europe and the US. eLaw Joumal Murdoch University Electronic Journal of Law, 16(2), 1–37. https://search.informit.org/doi/10.3316/agispt.20110366.
Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448. https://doi.org/10.3233/JCS-2003-11308.
Capital One. (2019). Information on the Capital One Cyber Incident. https://www.capitalone.com/facts2019/. [Accessed 15 Aug 2020].
Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 70–104. https://doi.org/10.1080/10864415.2004.11044320.
Cerullo, V., & Cerullo, M. J. (2004). Business continuity planning: A comprehensive approach. Information Systems Management, 21(3), 70–78. https://doi.org/10.1201/1078/44432.21.3.20040601/82480.11.
Chai, S., Kim, M., & Rao, H. R. (2011). Firms’ information security investment decisions: Stock market evidence of investors’ behavior. Decision Support Systems, 50(4), 651–661. https://doi.org/10.1016/j.dss.2010.08.017.
Chang, K.-C., Gao, Y.-K., & Lee, S.-C. (2020). The effect of data theft on a firm’s short-term and long-term market value. Mathematics, 8 (5). https://doi.org/10.3390/math8050808.
Chatterjee, D., Richardson, V. J., & Zmud, R. W. (2001). Examining the shareholder wealth effects of announcements of newly created CIO positions. MIS Quarterly, 25(1), 43–70. https://doi.org/10.2307/3250958.
Choong, P., Hutton, E., Richardson, P. S., & Rinaldo, V. (2017). Protecting the brand: Evaluating the cost of security breach from a marketer’s perspective. Journal of Marketing Development and Competitiveness, 11(1), 59–68.
Chorafas, D. N. (2004). Operational risk control with Basel II: Basic principles and capital requirements. Butterworth-Heinemann Publishing.
Coderre, D., & Police, R. C. M. (2005). Global technology audit guide: continuous auditing implications for assurance, monitoring, and risk assessment. The Institute of Internal Auditors.
D’Amico, A. D. (2000). What does a computer security breach really cost. Secure Decisions, Applied Visions Inc. Northport, NY, https://securedecisions.com/wp-content/uploads/2011/06/What-Does-a-Computer-Security-Breach-Really-Cost.pdf. [Accessed 10 Sep 2020].
Dam, H. K., Tran, T., Pham, T., Ng, S. W., Grundy, J., & Ghose, A. (2021). Automatic feature learning for predicting vulnerable software components. IEEE Transactions on Software Engineering, 47(1), 67–85. https://doi.org/10.1109/TSE.2018.2881961.
Das, S., Mukhopadhyay, A., & Anand, M. (2012). Stock market response to information security breach: A study using firm and attack characteristics. Journal of Information Privacy and Security, 8(4), 27–55. https://doi.org/10.1080/15536548.2012.10845665.
Day, G., & Fahey, L. (1988). Valuing market strategies. Journal of Marketing, 52(3), 45–57. https://doi.org/10.1177/002224298805200305.
Dennis, A. R., Wixom, B. H., & Vandenberg, R. J. (2001). Understanding fit and appropriation effects in group support systems via meta-analysis. MIS Quarterly, 25(2), 167–193. https://doi.org/10.2307/3250928.
Dos Santos, B. L., Peffers, K., & Mauer, D. C. (1993). The impact of information technology investment announcements on the market value of the firm. Information Systems Research, 4(1), 1–23. https://doi.org/10.1287/isre.4.1.1.
Doucouliagos, H., & Stanley, T. D. (2009). Publication selection bias in minimum-wage research? A meta-regression analysis. British Journal of Industrial Relations, 47(2), 406–428. https://doi.org/10.1111/j.1467-8543.2009.00723.x.
Eden, D. (2002). From the editors: Replication, meta-analysis, scientific progress, and AMJ’s publication policy. Academy of Management Journal, 45(5), 841–846. https://www.jstor.org/stable/3069317.
Ettredge, M. L., & Richardson, V. J. (2003). Information transfer among internet firms: The case of hacker attacks. Journal of Information Systems, 17(2), 71–82. https://doi.org/10.2308/jis.2003.17.2.71.
Fama, E. F. (1970). Efficient capital markets: A review of theory and empirical work. The Journal of Finance, 25(2), 383–417. https://doi.org/10.2307/2325486.
Fama, E. F., & French, K. R. (1992). The cross-section of expected stock returns. The Journal of Finance, 47(2), 427–465. https://doi.org/10.1111/j.1540-6261.1992.tb04398.x.
Galvanize. (2021). UK SOX is coming. Here’s what you need to know [online]. Retrieved August 20th, 2021v from: https://www.wegalvanize.com/compliance/uk-sox-is-coming-heres-what-you-need-to-know/.
Garg, A., Curtis, J., & Halper, H. (2003). Quantifying the financial impact of IT security breaches. Information Management & Computer Security, 11(2), 74–83. https://doi.org/10.1108/09685220310468646.
Goel, S., & Shawky, H. A. (2009). Estimating the market impact of security breach announcements on firm values. Information & Management, 46(7), 404–410. https://doi.org/10.1016/j.im.2009.06.005.
Goldstein, J., Chernobai, A., & Benaroch, M. (2011). An event study analysis of the economic impact of IT operational risk and its subcategories. Journal of the Association for Information Systems, 12(9), 606–631. https://doi.org/10.17705/1jais.00275.
Gordon, L. A., Loeb, M. P., & Zhou, L. (2011). The impact of information security breaches: Has there been a downward shift in costs? Journal of Computer Security, 19(1), 33–56. https://doi.org/10.3233/JCS-2009-0398.
Haans, R. F. J., Pieters, C., & He, Z. (2016). Thinking about U: Theorizing and testing U-and inverted U-shaped relationships in strategy research. Strategic Management Journal, 37(7), 1177–1195. https://doi.org/10.1002/smj.2399.
Hilary, G., Segal, B., & Zhang, M. H. (2016). Cyber-risk disclosure: Who cares? Georgetown McDonough School of Business Research Paper, (2852519). https://dx.doi.org/10.2139/ssrn.2852519.
Hinz, O., Nofer, M., Schiereck, D., & Trillig, J. (2015). The influence of data theft on the share prices and systematic risk of consumer electronics companies. Information & Management, 52(3), 337–347. https://doi.org/10.1016/j.im.2014.12.006.
Hovav, A., & D’Arcy, J. (2003). The impact of denial-of-service attack announcements on the market value of firms. Risk Management and Insurance Review, 6(2), 97–121. https://doi.org/10.1046/J.1098-1616.2003.026.x.
Hovav, A., & D’Arcy, J. (2004). The impact of virus attack announcements on the market value of firms. Information Systems Security, 13(3), 32–40. https://doi.org/10.1201/1086/44530.13.3.20040701/83067.5.
Hovav, A., Han, J., & Kim, J. (2017). Market reaction to security breach announcements: Evidence from South Korea. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 48(1), 11–52. https://doi.org/10.1145/3051473.3051476.
Huffcutt, A. I., & Arthur, W. (1995). Development of a new outlier statistic for meta-analytic data. Journal of Applied Psychology, 80(2), 327–334. https://psycnet.apa.org/doi/10.1037/0021-9010.80.2.327.
Hunter, J. E., & Schmidt, F. L. (2004). Methods of meta-analysis: Correcting error and bias in research findings. Sage.
Im, K. S., Dow, K. E., & Grover, V. (2001). A reexamination of IT investment and the market value of the firm—An event study methodology. Information Systems Research, 12(1), 103–117. https://doi.org/10.1287/isre.12.1.103.9718.
Ishiguro, M., Tanaka, H., Matsuura, K., & Murase, I. (2006). The effect of information security incidents on corporate values in the Japanese stock market. In: International Workshop on the Economics of Securing the Information Infrastructure (WESII). Washington, D.C.
Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The effect of a data breach announcement on customer behavior: Evidence from a multichannel retailer. Journal of Marketing, 82(2), 85–105. https://doi.org/10.1509/jm.16.0124.
Jeong, C. Y., Lee, S.-Y.T., & Lim, J.-H. (2019). Information security breaches and IT security investments: Impacts on competitors. Information & Management, 56(5), 681–695. https://doi.org/10.1016/j.im.2018.11.003.
Johansmeyer, T. (2021). Cybersecurity insurance has a big problem. Harvard Business Review. https://hbr.org/2021/01/cybersecurity-insurance-has-a-big-problem
Kannan, K., Rees, J., & Sridhar, S. (2007). Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1), 69–91. https://doi.org/10.2753/JEC1086-4415120103.
King, W. R., & He, J. (2006). A meta-analysis of the technology acceptance model. Information & Management, 43(6), 740–755. https://doi.org/10.1016/j.im.2006.05.003.
Klein, P.-O. (2017). Do shareholders value bond offerings? A meta-analysis. University of Strasbourg. Working Paper. https://econpapers.repec.org/RePEc:lar:wpaper:2017-04.
Ko, M., Osei-Bryson, K.-M., & Dorantes, C. (2009). Investigating the impact of publicly announced information security breaches on three performance indicators of the breached firms. Information Resources Management Journal (IRMJ), 22(2), 1–21. https://doi.org/10.4018/irmj.200904010.
Konchitchki, Y., & O’Leary, D. E. (2011). Event study methodologies in information systems research. International Journal of Accounting Information Systems, 12(2), 99–115. https://doi.org/10.1016/j.accinf.2011.01.002.
Kros, J. R., Foltz, C. B., & Metcalf, C. L. (2005). Assessing & quantifying the loss of network intrusion. Journal of Computer Information Systems, 45(2), 36–43. https://doi.org/10.1080/08874417.2005.11645829.
Lamey, L., Breugelmans, E., Vuegen, M., & ter Braak, A. (2021). Retail service innovations and their impact on retailer shareholder value: Evidence from an event study. Journal of the Academy of Marketing Science, 49, 811–833. https://doi.org/10.1007/s11747-021-00777-z.
Landis, J. R., & Koch, G. G. (1977). The measurement of observer agreement for categorical data. Biometrics, 33(1), 159–174. https://doi.org/10.2307/2529310.
Liang, H., & Xue, Y. (2009). Avoidance of information technology threats: A theoretical perspective. MIS Quarterly, 33(1), 71–90. https://doi.org/10.2307/20650279.
Liginlal, D., Sim, I., & Khansa, L. (2009). How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management. Computers & Security, 28(3–4), 215–228. https://doi.org/10.1016/j.cose.2008.11.003.
Lin, Z., Sapp, T. R. A., Ulmer, J. R., & Parsa, R. (2020). Insider trading ahead of cyber breach announcements. Journal of Financial Markets, 50, 100527. https://doi.org/10.1016/j.finmar.2019.100527.
Lind, J. T., & Mehlum, H. (2010). With or without U? The appropriate test for a U-shaped relationship. Oxford Bulletin of Economics and Statistics, 72(1), 109–118. https://doi.org/10.1111/j.1468-0084.2009.00569.x.
Lipsey, M. W., & Wilson, D. B. (2001). Practical meta-analysis. SAGE publications Inc.
Lowenberg, S. (2008). SOX’s outside reach a model for foreign markets. Politico. Retrieved September 15th, 2021 from: https://www.politico.com/story/2008/02/soxs-outside-reach-a-model-for-foreign-markets-008678.
Malhotra, A., & Kubowicz Malhotra, C. (2011). Evaluating customer information breaches as service failures: An event study approach. Journal of Service Research, 14(1), 44–59. https://doi.org/10.1177/1094670510383409.
Marotta, A., Martinelli, F., Nanni, S., Orlando, A., & Yautsiukhin, A. (2017). Cyber-insurance survey. Computer Science Review, 24, 35–61. https://doi.org/10.1016/j.cosrev.2017.01.001.
Masli, A., Peters, G. F., Richardson, V. J., & Sanchez, J. M. (2010). Examining the potential benefits of internal control monitoring technology. The Accounting Review, 85(3), 1001–1034. https://doi.org/10.2308/accr.2010.85.3.1001.
McLean, R. (2019). A hacker gained access to 100 million Capital One credit card applications and accounts [online]. Available from: A hacker gained access to 100 million Capital One credit card applications and accounts [Accessed 20 Aug 2020]. Retrieved from August 20th, 2020 from: https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html.
McShane, M., & Nguyen, T. (2020). Time-varying effects of cyberattacks on firm value. The Geneva Papers on Risk and Insurance-Issues and Practice, 45(4), 580–615. https://doi.org/10.1057/s41288-020-00170-x.
McWilliams, A., & Siegel, D. (1997). Event studies in management research: Theoretical and empirical issues. Academy of Management Journal, 40(3), 626–657. https://doi.org/10.5465/257056.
Modi, S. B., Wiles, M. A., & Mishra, S. (2015). Shareholder value implications of service failures in triads: The case of customer information security breaches. Journal of Operations Management, 35, 21–39. https://doi.org/10.1016/j.jom.2014.10.003.
Morse, E. A., Raval, V., & Wingender, J. R., Jr. (2011). Market price effects of data security breaches. Information Security Journal: A Global Perspective, 20(6), 263–273. https://doi.org/10.1080/19393555.2011.611860.
Orwin, R. G. (1983). A fail-safe N for effect size in meta-analysis. Journal of Educational Statistics, 8(2), 157–159. https://psycnet.apa.org/doi/10.2307/1164923.
Patell, J. M. (1976). Corporate forecasts of earnings per share and stock price behavior: Empirical test. Journal of Accounting Research, 14(2), 246–276. https://doi.org/10.2307/2490543.
Pirounias, S., Mermigas, D., & Patsakis, C. (2014). The relation between information security events and firm market value, empirical evidence on recent disclosures: An extension of the GLZ study. Journal of Information Security and Applications, 19(4–5), 257–271. https://doi.org/10.1016/j.jisa.2014.07.001.
Plachkinova, M., & Maurer, C. (2019). Security breach at Target. Journal of Information Systems Education, 29(1), 11–20. https://aisel.aisnet.org/jise/vol29/iss1/7.
Rainer, R. K., & Prince, B. (2021). Introduction to information systems. John Wiley & Sons.
Rappaport, A. (1986). Creating shareholder value: A guide for managers and investors. The Free Press.
Rasoulian, S. (2017). Market level consequences of information breach and effectiveness of crisis recoveries. Université de Montréal. PhD dissertation.
Richardson, V. J., Smith, R. E., & Watson, M. W. (2019). Much ado about nothing: The (lack of) economic impact of data privacy breaches. Journal of Information Systems, 33(3), 227–265. https://doi.org/10.2308/isys-52379.
Robey, D., & Boudreau, M.-C. (1999). Accounting for the contradictory organizational consequences of information technology: Theoretical directions and methodological implications. Information Systems Research, 10(2), 167–185. https://doi.org/10.1287/isre.10.2.167.
Rosati, P., Deeney, P., Cummins, M., Van der Werff, L., & Lynn, T. (2019). Social media and stock price reaction to data breach announcements: Evidence from US listed companies. Research in International Business and Finance, 47, 458–469. https://doi.org/10.1016/j.ribaf.2018.09.007.
Rosenthal, R. (1979). The file drawer problem and tolerance for null results. Psychological Bulletin, 86(3), 638–641. https://psycnet.apa.org/doi/10.1037/0033-2909.86.3.638.
Rosenthal, R., & Rubin, D. B. (2003). requivalent: A simple effect size indicator. Psychological Methods, 8(4), 492–496. https://psycnet.apa.org/doi/10.1037/1082-989X.8.4.492.
Roumani, Y., Nwankpa, J. K., & Roumani, Y. F. (2015). Time series modeling of vulnerabilities. Computers & Security, 51, 32–40. https://doi.org/10.1016/j.cose.2015.03.003.
Schatz, D., & Bashroush, R. (2016). The impact of repeated data breach events on organisations’ market value. Information & Computer Security, 24(1), 73–92. https://doi.org/10.1108/ICS-03-2014-0020.
Schermann, M., Dongus, K., Yetton, P., & Krcmar, H. (2016). The role of transaction cost economics in information technology outsourcing research: A meta-analysis of the choice of contract type. The Journal of Strategic Information Systems, 25(1), 32–48. https://doi.org/10.1016/j.jsis.2016.02.004.
Schlackl, F., Link, N., & Hoehle, H. (2022). Antecedents and Consequences of Data Breaches: A Systematic Review. Information & Management, 59(4), 103638. https://doi.org/10.1016/j.im.2022.103638.
Sorescu, A., Warren, N. L., & Ertekin, L. (2017). Event study methodology in the marketing literature: An overview. Journal of the Academy of Marketing Science, 45(2), 186–207. https://doi.org/10.1007/s11747-017-0516-y.
Spanos, G., & Angelis, L. (2016). The impact of information security events to the stock market: A systematic literature review. Computers & Security, 58, 216–229. https://doi.org/10.1016/j.cose.2015.12.006.
Srivastava, R. K., Shervani, T. A., & Fahey, L. (1998). Market-based assets and shareholder value: A framework for analysis. Journal of Marketing, 62(1), 2–18. https://doi.org/10.1177/002224299806200102.
Statista. (2020a). Average cost per hour of enterprise server downtime worldwide in 2019 [online]. Available from: https://www.statista.com/statistics/753938/worldwide-enterprise-server-hourly-downtime-cost/ [Accessed 3 Sep 2020].
Statista. (2020b). Retail e-commerce sales worldwide from 2014 to 2023 [online]. Available from: https://www.statista.com/statistics/379046/worldwide-retail-e-commerce-sales/ [Accessed 4 Sep 2020].
Sterne, J. A. C., Egger, M., & Smith, G. D. (2001). Investigating and dealing with publication and other biases in meta-analysis. BMJ, 323(7304), 101–105. https://doi.org/10.1136/bmj.323.7304.101.
Tallon, P. P., Ramirez, R. V., & Short, J. E. (2013). The information artifact in IT governance: Toward a theory of information governance. Journal of Management Information Systems, 30(3), 141–178. https://doi.org/10.2753/MIS0742-1222300306.
Telang, R., & Wattal, S. (2007). An empirical analysis of the impact of software vulnerability announcements on firm stock price. IEEE Transactions on Software Engineering, 33(8), 544–557. https://doi.org/10.1109/TSE.2007.70712.
Tu, H.-J. (2012). Performance implications of internet channels in financial services: A comprehensive perspective. Electronic Markets, 22(4), 243–254. https://doi.org/10.1007/s12525-012-0108-0.
Turjeman, D., & Feinberg, F. M. (2019). When the Data Are Out: Measuring Behavioral Changes Following a Data Breach. Available at SSRN 3427254. https://dx.doi.org/10.2139/ssrn.3427254.
Wang, H. E., Wang, Q. E., & Wu, W. (2020). Short Selling Surrounding Data Breaches. Available at SSRN 3554487. https://doi.org/10.2139/ssrn.3554487.
Wang, T., Ulmer, J. R., & Kannan, K. (2013). The textual contents of media reports of information security breaches and profitable short-term investment opportunities. Journal of Organizational Computing and Electronic Commerce, 23(3), 200–223. https://doi.org/10.1080/10919392.2013.807712.
Westland, J. C. (2020). The information content of Sarbanes-Oxley in predicting security breaches. Computers & Security, 90, 101687. https://doi.org/10.1016/j.cose.2019.101687.
Wood, J. (2008). Methodology for dealing with duplicate study effects in a meta-analysis. Organizational Research Methods, 11(1), 79–95. https://doi.org/10.1177/1094428106296638.
Yayla, A. A., & Hu, Q. (2011). The impact of information security events on the stock value of firms: The effect of contingency factors. Journal of Information Technology, 26(1), 60–77. https://doi.org/10.1057/jit.2010.4.
Zhao, X., & Johnson, M. E. (2010). Managing information access in data-rich enterprises with escalation and incentives. International Journal of Electronic Commerce, 15(1), 79–112. https://doi.org/10.2753/JEC1086-4415150104.
Author information
Authors and Affiliations
Contributions
Authors contributions to this study are equal and their names are displayed in an alphabetical order.
Corresponding author
Additional information
Responsible Editor: Hans Ulrich Buhl
Publisher's note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Supplementary information
Below is the link to the electronic supplementary material.
Rights and permissions
About this article
Cite this article
Ebrahimi, S., Eshghi, K. A meta-analysis of the factors influencing the impact of security breach announcements on stock returns of firms. Electron Markets 32, 2357–2380 (2022). https://doi.org/10.1007/s12525-022-00550-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12525-022-00550-2