{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T18:17:33Z","timestamp":1770142653534,"version":"3.49.0"},"reference-count":48,"publisher":"Emerald","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,6,10]]},"abstract":"\n Purpose<\/jats:title>\n Due to the frequent occurrence of data breaches, managing the cost of these events has become one of the biggest challenges confronting modern businesses. Firms urgently require strong security and effective event response strategies to tackle data breaches.<\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n This study first quantified the cost of 196 data breach events between 2016 and 2019 using the event study method and then utilized the crisp-set qualitative comparative analysis (csQCA) method to investigate the influencing mechanisms of the data breach cost from the configured perspectives of firm, event and response strategy.<\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n The results of the event study revealed significant differences in the cost of data breaches and their influencing factors between traditional and Internet-based firms. While Internet-based firms tended to experience a negative market reaction following a data breach, traditional firms did not show the same pattern. Based on the configuration analysis, six different strategies for cost control were identified, including mitigation and apology strategies for internet-based firms and indifference, fact-statement, silence-keeping and reputation-building strategies for traditional firms.<\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n The findings of this study can provide deeper insights into the market reaction to data breach events as well as their influencing mechanisms. Furthermore, this study offers practical suggestions for corporations to manage and control the strikes of data breach incidents.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/dta-11-2023-0748","type":"journal-article","created":{"date-parts":[[2025,2,20]],"date-time":"2025-02-20T00:58:51Z","timestamp":1740013131000},"page":"452-471","source":"Crossref","is-referenced-by-count":0,"title":["Disentangling the market reaction to\u00a0corporate data breach events: a\u00a0configurational approach"],"prefix":"10.1108","volume":"59","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8864-2790","authenticated-orcid":true,"given":"Haiping","family":"Zhao","sequence":"first","affiliation":[{"name":"China University of Petroleum East China School of Economics and Management, , ,","place":["Qingdao, China"]},{"name":"China University of Petroleum East China Institute for Digital Transformation, , ,","place":["Qingdao, China"]}]},{"given":"Chongzhi","family":"Rao","sequence":"additional","affiliation":[{"name":"China University of Petroleum East China School of Economics and Management, , ,","place":["Qingdao, China"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8312-2294","authenticated-orcid":true,"given":"Mengli","family":"Yu","sequence":"additional","affiliation":[{"name":"Nankai University School of Journalism and Communication, , ,","place":["Tianjin, China"]},{"name":"Nankai University Publishing Research Institute, , ,","place":["Tianjin, China"]}]},{"given":"Ling","family":"Jian","sequence":"additional","affiliation":[{"name":"China University of Petroleum East China School of Economics and Management, , ,","place":["Qingdao, China"]},{"name":"China University of Petroleum East China Institute for Digital Transformation, , ,","place":["Qingdao, China"]}]}],"member":"140","published-online":{"date-parts":[[2025,2,21]]},"reference":[{"key":"2026012706112855500_ref001","unstructured":"Alfred, N. and Sean, K. (2019), \u201cEquifax to pay at least $575 million as part of FTC settlement\u201d, CNET, available at:\u00a0https:\/\/www.cnet.com\/news\/privacy\/equifax-to-pay-at-least-575m-as-part-of-ftc-settlement\/ (accessed\u00a022 July 2019)."},{"issue":"3","key":"2026012706112855500_ref002","doi-asserted-by":"publisher","first-page":"431","DOI":"10.3233\/JCS-2003-11308","article-title":"The economic cost of publicly announced information security breaches: empirical evidence from the stock market","volume":"11","author":"Campbell","year":"2003","journal-title":"Journal of Computer Security"},{"key":"2026012706112855500_ref003","article-title":"Prioritizing investments in cybersecurity: empirical evidence from an event study on the determinants of cyberattack costs","author":"Celeny","year":"2024","journal-title":"arXiv"},{"key":"2026012706112855500_ref004","article-title":"Uber pays $148 million over yearlong cover-up of data breach","author":"Chappell","year":"2018","journal-title":"NPR Business"},{"key":"2026012706112855500_ref005","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2002.994192","article-title":"Assessing the risk in e-commerce","author":"Ettredge","year":"2002"},{"issue":"9","key":"2026012706112855500_ref006","doi-asserted-by":"publisher","first-page":"3094","DOI":"10.1080\/1540496x.2023.2210721","article-title":"Adverse effects of data breach on public companies: a study based on interpersonal gossip theory","volume":"59","author":"Fang","year":"2023","journal-title":"Emerging Markets Finance and Trade"},{"issue":"10","key":"2026012706112855500_ref007","doi-asserted-by":"publisher","first-page":"7298","DOI":"10.1287\/mnsc.2021.4264","article-title":"Data breach announcements and stock market reactions: a matter of timing?","volume":"68","author":"Foerderer","year":"2022","journal-title":"Management Science"},{"key":"2026012706112855500_ref008","first-page":"674","article-title":"The effects of data breaches on public companies: a mirage or reality?","author":"Frimpong","year":"2021"},{"issue":"1","key":"2026012706112855500_ref009","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1111\/j.1540-6296.2010.01178.x","article-title":"The effect of data breaches on shareholder wealth","volume":"13","author":"Gatzlaff","year":"2010","journal-title":"Risk Management and Insurance Review"},{"issue":"3","key":"2026012706112855500_ref010","doi-asserted-by":"publisher","first-page":"511","DOI":"10.1108\/JHTT-11-2019-0138","article-title":"Data breaches in hospitality: is the industry different?","volume":"11","author":"Gwebu","year":"2020","journal-title":"Journal of Hospitality and Tourism Technology"},{"issue":"2","key":"2026012706112855500_ref037","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1080\/07421222.2018.1451962","article-title":"The role of corporate reputation and crisis response strategies in data breach management","volume":"35","author":"Gwebu","year":"2018","journal-title":"Journal of Management Information Systems"},{"key":"2026012706112855500_ref011","doi-asserted-by":"crossref","unstructured":"Hooven, D.\n (2021), \u201cHow much does a data breach cost in 2021?\u201d, Schneider Downs, available at:\u00a0https:\/\/www.schneiderdowns.com\/our-thoughts-on\/2021-data-breach-cost (accessed\u00a04 November 2021).","DOI":"10.1016\/S1361-3723(21)00082-8"},{"issue":"2","key":"2026012706112855500_ref012","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1046\/j.1098-1616.2003.026.x","article-title":"The impact of denial-of-service attack announcements on the market value of firms","volume":"6","author":"Hovav","year":"2003","journal-title":"Risk Management and Insurance Review"},{"key":"2026012706112855500_ref013","first-page":"214","volume-title":"Information Assurance Technology Analysis Center (IATAC)","author":"Howard","year":"1997"},{"key":"2026012706112855500_ref014","unstructured":"Irwin, L.\n (2022), \u201cList of data breaches and cyber-attacks in May 2022\u201d, 49.8 million records breached. IT Governance Blog, available at:\u00a0https:\/\/www.itgovernance.co.uk\/blog\/list-of-data-breaches-and-cyber-attacks-in-may-2022-49-8-million-records-breached (accessed\u00a01 June 2022)."},{"key":"2026012706112855500_ref015","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2925995.2926003","article-title":"Information security recipe in small-and medium-sized enterprises: an interpretive study in Japan","author":"Ishino","year":"2016"},{"issue":"5","key":"2026012706112855500_ref048","doi-asserted-by":"publisher","first-page":"681","DOI":"10.1016\/j.im.2018.11.003","article-title":"Information security breaches and IT security investments: Impacts on competitors","volume":"56","author":"Jeong","year":"2019","journal-title":"Information and Management"},{"key":"2026012706112855500_ref039","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1109\/PDP.2017.82","article-title":"Analysing the impact of a DDoS attack announcement on victim stock prices","author":"Joosten","year":"2017","journal-title":"In 2017 25th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP)"},{"issue":"6","key":"2026012706112855500_ref016","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/jgim.20211101.oa4","article-title":"How do investors perceive the materiality of data security incidents?","volume":"29","author":"Juma\u2019h","year":"2021","journal-title":"Journal of Global Information Management"},{"issue":"3","key":"2026012706112855500_ref017","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1057\/s41299-021-00121-9","article-title":"Data breaches and effective crisis communication: a comparative analysis of corporate reputational crises","volume":"25","author":"Kuipers","year":"2022","journal-title":"Corp Reputation Rev"},{"issue":"4","key":"2026012706112855500_ref018","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0301667","article-title":"Research on the generative logic and configuration effects of the policy implementation environment in China's grassroots digital construction: traceability based on grounded theory and the validation of the csQCA method","volume":"19","author":"Li","year":"2024","journal-title":"PLoS One"},{"key":"2026012706112855500_ref019","first-page":"93","article-title":"Use of cookies after GDPR: a case study of top Lithuanian websites","volume":"20","author":"Limba","year":"2021","journal-title":"Transformations in Business and Economics"},{"issue":"1","key":"2026012706112855500_ref020","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1111\/isj.12094","article-title":"Applying configurational analysis to IS behavioural research: a methodological alternative for modelling combinatorial complexities","volume":"27","author":"Liu","year":"2017","journal-title":"Information Systems Journal"},{"issue":"1","key":"2026012706112855500_ref021","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1177\/1094670510383409","article-title":"Evaluating customer information breaches as service failures: an event study approach","volume":"14","author":"Malhotra","year":"2011","journal-title":"Journal of Service Research"},{"issue":"1","key":"2026012706112855500_ref040","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1509\/jm.15.0497","article-title":"Data privacy: Effects on customer and firm performance","volume":"81","author":"Martin","year":"2017","journal-title":"Journal of Marketing"},{"key":"2026012706112855500_ref022","article-title":"Please be silent? Examining the impact of data breach response strategies on the stock value","author":"Masuch","year":"2020"},{"issue":"4","key":"2026012706112855500_ref038","doi-asserted-by":"crossref","first-page":"829","DOI":"10.1007\/s12525-021-00490-3","article-title":"What to do after a data breach? Examining apology and compensation as response strategies for health service providers","volume":"31","author":"Masuch","year":"2021","journal-title":"Electronic Markets"},{"key":"2026012706112855500_ref023","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102502","article-title":"Apologize or justify? Examining the impact of data breach response actions on stock value of affected companies?","volume":"112","author":"Masuch","year":"2022","journal-title":"Computers and Security"},{"key":"2026012706112855500_ref042","doi-asserted-by":"publisher","first-page":"580","DOI":"10.1057\/s41288-020-00170-x","article-title":"Time-varying effects of cyberattacks on firm value","volume":"45","author":"McShane","year":"2020","journal-title":"The Geneva Papers on Risk and Insurance-Issues and Practice"},{"issue":"6","key":"2026012706112855500_ref024","doi-asserted-by":"publisher","first-page":"1175","DOI":"10.2307\/256809","article-title":"Configurational approaches to organizational analysis","volume":"36","author":"Meyer","year":"1993","journal-title":"Academy of Management Journal"},{"key":"2026012706112855500_ref041","first-page":"1","volume-title":"The comparative method: Moving beyond qualitative and quantitative strategies","author":"Ragin","year":"1987"},{"issue":"1","key":"2026012706112855500_ref025","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1177\/10946705211036944","article-title":"The effects of service crises and recovery resources on market reactions: an event study analysis on data breach announcements","volume":"26","author":"Rasoulian","year":"2023","journal-title":"Journal of Service Research"},{"key":"2026012706112855500_ref044","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1016\/j.irfa.2017.01.001","article-title":"The effect of data breach announcements beyond the stock price: Empirical evidence on market activity","volume":"49","author":"Rosati","year":"2017","journal-title":"International Review of Financial Analysis"},{"key":"2026012706112855500_ref043","doi-asserted-by":"publisher","first-page":"458","DOI":"10.1016\/j.ribaf.2018.09.007","article-title":"Social media and stock price reaction to data breach announcements: Evidence from US listed companies","volume":"47","author":"Rosati","year":"2019","journal-title":"Research in International Business and Finance"},{"issue":"2","key":"2026012706112855500_ref026","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1080\/13501763.2022.2147578","article-title":"Varieties of enforcement strategies post-GDPR: a fuzzy-set qualitative comparative analysis (fsQCA) across data protection authorities","volume":"31","author":"Sivan-Sevilla","year":"2024","journal-title":"Journal of European Public Policy"},{"key":"2026012706112855500_ref036","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2017.602","article-title":"Firm actions toward data breach incidents and firm equity value: an empirical study","author":"Song","year":"2017","journal-title":"Proceedings of the 50th Hawaii International Conference on System Sciences"},{"issue":"1","key":"2026012706112855500_ref027","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.jnca.2010.07.006","article-title":"A survey on security issues in service delivery models of cloud computing","volume":"34","author":"Subashini","year":"2011","journal-title":"Journal of Network and Computer Applications"},{"issue":"3","key":"2026012706112855500_ref028","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1016\/j.jsis.2018.12.001","article-title":"Enterprise reputation threats on social media: a case of data breach framing","volume":"28","author":"Syed","year":"2019","journal-title":"The Journal of Strategic Information Systems"},{"issue":"2","key":"2026012706112855500_ref047","doi-asserted-by":"publisher","first-page":"650","DOI":"10.1108\/JEIM-11-2020-0450","article-title":"The financial impacts of information systems security breaches on publicly traded companies: reactions of different sectors","volume":"35","author":"Tayaksi","year":"2022","journal-title":"Journal of Enterprise Information Management"},{"key":"2026012706112855500_ref046","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.irfa.2021.101795","article-title":"Cyber-attacks and stock market activity","volume":"76","author":"Tosun","year":"2021","journal-title":"International Review of Financial Analysis"},{"issue":"4","key":"2026012706112855500_ref045","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1080\/10919392.2020.1818521","article-title":"Financial loss due to a data privacy breach: An empirical analysis","volume":"30","author":"Tripathi","year":"2020","journal-title":"Journal of Organizational Computing and Electronic Commerce"},{"issue":"2","key":"2026012706112855500_ref029","doi-asserted-by":"publisher","first-page":"440","DOI":"10.1287\/mksc.2019.0208","article-title":"When the data are out: measuring behavioral changes following a data breach","volume":"43","author":"Turjeman","year":"2024","journal-title":"Marketing Science"},{"issue":"2","key":"2026012706112855500_ref030","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1287\/isre.1120.0437","article-title":"The association between the disclosure and the realization of information security risk factors","volume":"24","author":"Wang","year":"2013","journal-title":"Information Systems Research"},{"issue":"1","key":"2026012706112855500_ref031","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1057\/jit.2010.4","article-title":"The impact of information security events on the stock value of firms: the effect of contingency factors","volume":"26","author":"Yayla","year":"2011","journal-title":"Journal of Information Technology"},{"issue":"2","key":"2026012706112855500_ref032","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1108\/JHTT-05-2019-0080","article-title":"Cyber-attacks on hospitality sector: stock market reaction","volume":"11","author":"Arcuri","year":"2020","journal-title":"Journal of Hospitality and Tourism Technology"},{"issue":"3","key":"2026012706112855500_ref033","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1016\/j.im.2014.12.006","article-title":"The influence of data theft on the share prices and systematic risk of consumer electronics companies","volume":"52","author":"Hinz","year":"2015","journal-title":"Information and Management"},{"key":"2026012706112855500_ref034","first-page":"4772","article-title":"Should you disclose a data breach via social media? evidence from US listed companies","author":"Rosati","year":"2018"},{"key":"2026012706112855500_ref035","first-page":"465","volume-title":"Is the Market Value of Software Vendors Affected by Software Vulnerability Announcements? Strategic Innovative Marketing","author":"Spanos","year":"2017"}],"container-title":["Data Technologies and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/DTA-11-2023-0748\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/dta\/article-pdf\/59\/3\/452\/11202679\/dta-11-2023-0748en.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/dta\/article-pdf\/59\/3\/452\/11202679\/dta-11-2023-0748en.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T11:11:35Z","timestamp":1769512295000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/dta\/article\/59\/3\/452\/1248844\/Disentangling-the-market-reaction-to-corporate"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,21]]},"references-count":48,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6,10]]}},"URL":"https:\/\/doi.org\/10.1108\/dta-11-2023-0748","relation":{},"ISSN":["2514-9288","2514-9318"],"issn-type":[{"value":"2514-9288","type":"print"},{"value":"2514-9318","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,21]]}}}