Martin P. Loeb
ˇ@
Deloitte & Touche Faculty Fellow
Van Munching Hall 3351
Robert H. Smith School of Business
The University of Maryland
College Park, MD 20742, USA
Phone: (301) 405-2209

ˇ@

Book

Managing Cybersecurity Resources: A Cost-Benefit Analysis

ECONOMIC COST OF SECURITY BREACHES

  • Campbell, Katherine, Lawrence A. Gordon, Martin P. Loeb, and Lei Zhou, ˇ§The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market,ˇ¨ Journal of Computer Security, Vol. 11, No. 3, 2003, pp. 431-448.

This study examines the economic effect of information security breaches on the stock market value of corporations. This approach takes into account the indirect costs, as well as the direct costs, to the firm. The analysis shows that cyber security breaches in which confidential private information is compromised (e.g., the release of customer credit card numbers, bank account numbers, or medical records to unauthorized parties) have a significant negative effect on the stock market value of the attacked firm. However, security breaches not related to confidentiality (e.g., a temporary shut down of a corporate website) involve costs that are transitory and are unlikely to significantly affect shareholder value. Thus, market participants appear to discriminate across types of breaches and economically rational investment strategies should focus on protecting the firmsˇ¦ most valuable information assets.

ˇ@

ˇ@

ˇ@