{"title":"Financial Loss due to a Data Privacy Breach: An Empirical Analysis","authors":"Manas Tripathi, Arunabha Mukhopadhyay","doi":"10.1080/10919392.2020.1818521","DOIUrl":null,"url":null,"abstract":"ABSTRACT Previous studies have explored the impact of the cybersecurity breach on the market value of the firm, but the impact of the data privacy breach on the firm performance is less explored. The terms cybersecurity breach and data privacy breach are sometimes used interchangeably, but they are two different things. In this study, we have used the event study methodology and standard market model (MM) to observe the effect of the data privacy breach on the firm performance. We have also observed the impact of firm-specific characteristics (such as firm size and firm type) and attack-specific characteristics (such as attack type and damage potency) on the cumulative abnormal return (CAR) due to privacy breaches. We have used data of 131 data privacy breaches related to US firms for the years 2012 (43 breaches), 2013 (37 breaches), and 2014 (51 breaches). We have selected the period 2012-2014 for study as we have observed the major data privacy breaches occurred during this period. The results of this study demonstrate that the data privacy breach announcement negatively affects the market value of the firm. Another interesting finding of this study is that the market values of larger firms are less adversely affected by the data privacy breach event than the smaller firms. We have also calculated the average financial loss, which comes out to be $ 229 million, $ 241 million, and $ 108 million in the year 2012, 2013, and 2014, respectively, due to these data privacy breaches.","PeriodicalId":54777,"journal":{"name":"Journal of Organizational Computing and Electronic Commerce","volume":"30 1","pages":"381 - 400"},"PeriodicalIF":2.0000,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/10919392.2020.1818521","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Organizational Computing and Electronic Commerce","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1080/10919392.2020.1818521","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 14
Abstract
ABSTRACT Previous studies have explored the impact of the cybersecurity breach on the market value of the firm, but the impact of the data privacy breach on the firm performance is less explored. The terms cybersecurity breach and data privacy breach are sometimes used interchangeably, but they are two different things. In this study, we have used the event study methodology and standard market model (MM) to observe the effect of the data privacy breach on the firm performance. We have also observed the impact of firm-specific characteristics (such as firm size and firm type) and attack-specific characteristics (such as attack type and damage potency) on the cumulative abnormal return (CAR) due to privacy breaches. We have used data of 131 data privacy breaches related to US firms for the years 2012 (43 breaches), 2013 (37 breaches), and 2014 (51 breaches). We have selected the period 2012-2014 for study as we have observed the major data privacy breaches occurred during this period. The results of this study demonstrate that the data privacy breach announcement negatively affects the market value of the firm. Another interesting finding of this study is that the market values of larger firms are less adversely affected by the data privacy breach event than the smaller firms. We have also calculated the average financial loss, which comes out to be $ 229 million, $ 241 million, and $ 108 million in the year 2012, 2013, and 2014, respectively, due to these data privacy breaches.
期刊介绍:
The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas.
JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business.
Theoretical, experimental, survey, and design science research are all welcome and might look at:
• E-commerce
• Collaborative commerce
• Interorganizational systems
• Enterprise systems
• Supply chain technologies
• Computer-supported cooperative work
• Computer-aided coordination
• Economics of organizational computing
• Technologies for organizational learning
• Behavioral aspects of organizational computing.