{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T10:44:41Z","timestamp":1780051481012,"version":"3.53.1"},"reference-count":11,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2003,5,1]],"date-time":"2003-05-01T00:00:00Z","timestamp":1051747200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003,5,1]]},"abstract":"Internet security is a pervasive concern for all companies. However, developing the business case to support investments in IT security has been particularly challenging because of difficulties in precisely quantifying the economic impact of a breach. Previous studies have attempted to quantify the magnitude of losses resulting from a breach in IT security, but reliance on self\u2010reported company data has resulted in widely varying estimates of limited credibility. Employing an event study methodology, this study offers an alternative approach and more rigorous evaluation of breaches in IT security. This attempt has revealed several new perspectives concerning the market reaction to IT security breaches. A final component of the study is the extension of the analysis to incorporate eSecurity vendors and a fuller exploration of market reactions before and after the denial of service attacks of February 2000. The key takeaway for corporate IT decision makers is that IT security breaches are extremely costly, and that the stock market has already factored in some level of optimal IT security investment by companies.<\/jats:p>","DOI":"10.1108\/09685220310468646","type":"journal-article","created":{"date-parts":[[2003,4,25]],"date-time":"2003-04-25T19:59:38Z","timestamp":1051300778000},"page":"74-83","source":"Crossref","is-referenced-by-count":172,"title":["Quantifying the financial impact of IT security breaches"],"prefix":"10.1108","volume":"11","author":[{"given":"Ashish","family":"Garg","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jeffrey","family":"Curtis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hilary","family":"Halper","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"140","reference":[{"key":"key2022020420144077500_B1","unstructured":"Bosworth, S. and Kabay, M.E. (Eds) (2002), Computer Security Handbook, 4th ed., John Wiley, New York, NY."},{"key":"key2022020420144077500_B2","unstructured":"Cavusoglu, H., Mishra, B. and Raghumathan, R. (2002), The Effect of Internet Security Breach Announcements on Market Value of Breached Firms and Internet Security Developers, Working Paper, The University of Texas at Dallas School of Management, Dallas, TX."},{"key":"key2022020420144077500_B3","unstructured":"Ernst & Young, LLP (2002), Global Information Security Survey."},{"key":"key2022020420144077500_B4","doi-asserted-by":"crossref","unstructured":"Ettredge, M. and Richardson, V. (2001), Assessing the Risk in E\u2010Commerce, October, working paper, University of Kansas, Lawrence, KS.","DOI":"10.2139\/ssrn.268737"},{"key":"key2022020420144077500_B5","doi-asserted-by":"crossref","unstructured":"Fama, E.F., Fisher, L., Jensen, M. and Roll, R. (1969), \u201cThe adjustment of stock prices to new information\u201d, International Economic Review, Vol. 10, pp. 1\u201021.","DOI":"10.2307\/2525569"},{"key":"key2022020420144077500_B6","unstructured":"Kabay, M.E. (2001), \u201cStudies and surveys of computer crime\u201d, Computer Security Handbook, 4th ed."},{"key":"key2022020420144077500_B7","unstructured":"META Group (2002), Security Adoption and Deployment Strategies, available at: www.metagroup.com\/cgi\u2010bin\/inetcgi\/jsp\/search\/quickSearch.jsp"},{"key":"key2022020420144077500_B8","doi-asserted-by":"crossref","unstructured":"McWilliams, A. and Siegel, D. (1997), \u201cEvent studies in management research: theoretical and empirical issues\u201d, Academy of Management Journal, Vol. 40, pp. 626\u201057.","DOI":"10.2307\/257056"},{"key":"key2022020420144077500_B9","doi-asserted-by":"crossref","unstructured":"Power, R. (2002), \u201c2002 CSI\/FBI computer crime and security survey\u201d, Computer Security Issues & Trends, Vol. VIII No. 1, pp. 1\u201022.","DOI":"10.1016\/S1361-3723(02)01001-1"},{"key":"key2022020420144077500_B10","unstructured":"Research Concepts, LLC (2002), \u201cTrends in the Networked World\u201d, 2002 Network World 500 Research Study, May."},{"key":"key2022020420144077500_B11","unstructured":"Sigmond, S. and Kaura, V. (Ed.) (2001), \u201cSafe and sound \u2013 a treatise on Internet security\u201d, RBC Capital Markets, November."}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220310468646","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220310468646\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220310468646\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:08:45Z","timestamp":1753402125000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/11\/2\/74-83\/172695"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003,5,1]]},"references-count":11,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2003,5,1]]}},"alternative-id":["10.1108\/09685220310468646"],"URL":"https:\/\/doi.org\/10.1108\/09685220310468646","relation":{},"ISSN":["0968-5227"],"issn-type":[{"value":"0968-5227","type":"print"}],"subject":[],"published":{"date-parts":[[2003,5,1]]}}}