{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,17]],"date-time":"2026-01-17T04:11:45Z","timestamp":1768623105116,"version":"3.49.0"},"reference-count":42,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2016,3,14]],"date-time":"2016-03-14T00:00:00Z","timestamp":1457913600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016,3,14]]},"abstract":"Purpose<\/jats:title>\u2013 This study aims to examine the influence of one or more information security breaches on an organisation\u2019s stock market value as a way to benchmark the wider economic impact of such events.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>\u2013 An event studies-based approach was used where a measure of the event\u2019s economic impact can be constructed using security prices observed over a relatively short period of time.<\/jats:p><\/jats:sec>Findings<\/jats:title>\u2013 Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.<\/jats:p><\/jats:sec>Research limitations\/implications<\/jats:title>\u2013 One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information.<\/jats:p><\/jats:sec>Practical implications<\/jats:title>\u2013 One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>\u2013 This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-03-2014-0020","type":"journal-article","created":{"date-parts":[[2016,2,25]],"date-time":"2016-02-25T10:03:20Z","timestamp":1456394600000},"page":"73-92","source":"Crossref","is-referenced-by-count":40,"title":["The impact of repeated data breach events on organisations\u2019 market value"],"prefix":"10.1108","volume":"24","author":[{"given":"Daniel","family":"Schatz","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rabih","family":"Bashroush","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020121800460289500_b1","doi-asserted-by":"crossref","unstructured":"Anderson, R. (2001), \u201cWhy information security is hard - an economic perspective\u201d, Proceedings IEEE Computer Society on 17th Annual Computer Security Applications Conference, Los Alamitos, pp. 358-365.","DOI":"10.1109\/ACSAC.2001.991552"},{"key":"key2020121800460289500_b2","doi-asserted-by":"crossref","unstructured":"Andoh-Baidoo, F.K. , Amoako-Gyampah, K. and Osei-Bryson, K.M. (2010), \u201cHow internet security breaches harm market value\u201d, Security & Privacy, IEEE , Vol. 8 No. 1, pp. 36-42.","DOI":"10.1109\/MSP.2010.37"},{"key":"key2020121800460289500_b3","doi-asserted-by":"crossref","unstructured":"Boehmer, E. , Masumeci, J. and Poulsen, A. B. (1991), \u201cEvent-study methodology under conditions of event-induced variance\u201d, Journal of Financial Economics , Vol. 30 No. 2, pp. 253-272.","DOI":"10.1016\/0304-405X(91)90032-F"},{"key":"key2020121800460289500_b4","doi-asserted-by":"crossref","unstructured":"Brown, S.J. and Warner, J.B. (1985), \u201cUsing daily stock returns \u2013 the case of event studies\u201d, Journal of Financial Economics , Vol. 14 No. 1, pp. 3-31.","DOI":"10.1016\/0304-405X(85)90042-X"},{"key":"key2020121800460289500_b5","doi-asserted-by":"crossref","unstructured":"Campbell, K. , Gordon, L.A. , Loeb, M.P. and Lei, Z. (2003), \u201cThe economic cost of publicly announced information security breaches: empirical evidence from the stock market\u201d, Journal of Computer Security , Vol. 11 No. 3, pp. 431-448.","DOI":"10.3233\/JCS-2003-11308"},{"key":"key2020121800460289500_b6","doi-asserted-by":"crossref","unstructured":"Cavusoglu, H. , Mishra, B. and Raghunathan, S. (2004), \u201cThe effect of Internet security breach announcements on market value: capital market reactions for breached firms and Internet security developers\u201d, International Journal of Electronic Commerce , Vol. 9 No. 1, pp. 69-104.","DOI":"10.1080\/10864415.2004.11044320"},{"key":"key2020121800460289500_b7","doi-asserted-by":"crossref","unstructured":"Corrado, C. J. (1989), \u201cA nonparametric test for abnormal security-price performance in event studies\u201d, Journal of Financial Economics , Vol. 23 No. 2, pp. 385-395.","DOI":"10.1016\/0304-405X(89)90064-0"},{"key":"key2020121800460289500_b8","doi-asserted-by":"crossref","unstructured":"Cowan, A. R. (1992), \u201cNonparametric event study tests\u201d, Review of Quantitative Finance and Accounting , Vol. 2 No. 4, pp. 343-358.","DOI":"10.1007\/BF00939016"},{"key":"key2020121800460289500_b9","doi-asserted-by":"crossref","unstructured":"Cutler, D.M. , Poterba, J.M. and Summers, L.H. (1989), \u201cWhat moves stock-prices\u201d, Journal of Portfolio Management , Vol. 15 No. 3, pp. 4-12.","DOI":"10.3905\/jpm.1989.409212"},{"key":"key2020121800460289500_b10","doi-asserted-by":"crossref","unstructured":"Debondt, W.F.M. and Thaler, R. (1985), \u201cDoes the stock market overreact?\u201d, The Journal of Finance , Vol. 40 No. 3, pp. 793-805.","DOI":"10.1111\/j.1540-6261.1985.tb05004.x"},{"key":"key2020121800460289500_b11","doi-asserted-by":"crossref","unstructured":"Dichev, I.D. and Janes, T. D. (2003), \u201cLunar cycle effects in stock returns\u201d, The Journal of Private Equity , Vol. 6 No. 4, pp. 8-29.","DOI":"10.3905\/jpe.2003.320053"},{"key":"key2020121800460289500_b12","unstructured":"Dipietro, B. (2013), \u201cInternational data breach laws are all over the map\u201d, available at: http:\/\/blogs.wsj.com\/riskandcompliance\/2013\/09\/24\/international-data-breach-laws-are-all-over-the-map\/ (accessed 23 November 2013)."},{"key":"key2020121800460289500_b13","doi-asserted-by":"crossref","unstructured":"Duso, T. , Gugler, K. and Yurtoglu, B. (2010), \u201cIs the event study methodology useful for merger analysis? A comparison of stock market and accounting data\u201d, International Review of Law and Economics , Vol. 30 No. 2, pp. 186-192.","DOI":"10.1016\/j.irle.2010.02.001"},{"key":"key2020121800460289500_b14","doi-asserted-by":"crossref","unstructured":"Dyckman, T. , Philbrick, D. and Stephan, J. (1984), \u201cA comparison of event study methodologies using daily stock returns: a simulation approach\u201d, Journal of Accounting Research , Vol. 22 No. S1, pp. 1-30.","DOI":"10.2307\/2490855"},{"key":"key2020121800460289500_b15","doi-asserted-by":"crossref","unstructured":"Fama, E. F. (1970), \u201cEfficient capital markets \u2013 review of theory and empirical work\u201d, Journal of Finance , Vol. 25 No. 2, pp. 383-423.","DOI":"10.2307\/2325486"},{"key":"key2020121800460289500_b16","doi-asserted-by":"crossref","unstructured":"Fama, E.F. , Fisher, L. , Jensen, M.C. and Roll, R. (1969), \u201cThe adjustment of stock prices to new information\u201d, International Economic Review , Vol. 10 No. 1, pp. 1-21.","DOI":"10.2307\/2525569"},{"key":"key2020121800460289500_b17","doi-asserted-by":"crossref","unstructured":"Garg, A. , Curtis, J. and Halper, H. (2003), \u201cQuantifying the financial impact of IT security breaches\u201d, Information Management & Computer Security , Vol. 11 No. 2, pp. 74-83.","DOI":"10.1108\/09685220310468646"},{"key":"key2020121800460289500_b18","doi-asserted-by":"crossref","unstructured":"Gatzlaff, K.M. and Mccullough, K.A. (2010), \u201cThe effect of data breaches on shareholder wealth\u201d, Risk Management and Insurance Review , Vol. 13 No. 1, pp. 61-83.","DOI":"10.1111\/j.1540-6296.2010.01178.x"},{"key":"key2020121800460289500_b19","unstructured":"Gordon, L.A. and Loeb, M.P. (2002), \u201cReturn on information security investments: myths vs realities\u201d, strategic Finance , Vol. 84 No. 5, pp. 26-31."},{"key":"key2020121800460289500_b20","unstructured":"Grama, J. (2010), Legal Issues in Information Security , Jones & Bartlett Publishers, Burlington, MA."},{"key":"key2020121800460289500_b21","doi-asserted-by":"crossref","unstructured":"Ince, O.S. and Porter, R.B. (2006), \u201cIndividual equity return data from thomson datastream: handle with care!\u201d, Journal of Financial Research , Vol. 29 No. 4, pp. 463-479.","DOI":"10.1111\/j.1475-6803.2006.00189.x"},{"key":"key2020121800460289500_b22","unstructured":"International Standards Organisation (2014), \u201cISO\/IEC DIS 27040 (Draft)\u201d, Information Technology , BSI, London."},{"key":"key2020121800460289500_b23","doi-asserted-by":"crossref","unstructured":"Kannan, K. , Rees, J. and Sridhar, S. (2007), \u201cMarket reactions to information security breach announcements: an empirical analysis\u201d, International Journal of Electronic Commerce , Vol. 12 No. 1, pp. 69-91.","DOI":"10.2753\/JEC1086-4415120103"},{"key":"key2020121800460289500_b24","doi-asserted-by":"crossref","unstructured":"Kolari, J.W. and Pynn\u00f6nen, S. (2010), \u201cEvent study testing with cross-sectional correlation of abnormal returns\u201d, Review of Financial Studies , Vol. 23 No. 11, pp. 3996-4025.","DOI":"10.1093\/rfs\/hhq072"},{"key":"key2020121800460289500_b25","unstructured":"Kothari, S. and Warner, J. (2004), \u201cThe econometrics of event studies\u201d, in ECKBO, B.E. (Ed.), Handbook of Corporate Finance: Empirical Corporate Finance , Elsevier, Amsterdam."},{"key":"key2020121800460289500_b26","doi-asserted-by":"crossref","unstructured":"Lo, A. and Mackinlay, A. (1988), \u201cStock market prices do not follow random walks: evidence from a simple specification test\u201d, Review of Financial Studies , Vol. 1 No. 1, pp. 41-66.","DOI":"10.1093\/rfs\/1.1.41"},{"key":"key2020121800460289500_b27","unstructured":"Mackinlay, A.C. (1997), \u201cEvent studies in economics and finance\u201d, Journal of Economic Literature , Vol. 35 No. 1, pp. 13-39."},{"key":"key2020121800460289500_b28","doi-asserted-by":"crossref","unstructured":"Malkiel, B. G. (2003), \u201cThe efficient market hypothesis and its critics\u201d, Journal of Economic Perspectives , Vol. 17 No. 1, pp. 59-82.","DOI":"10.1257\/089533003321164958"},{"key":"key2020121800460289500_b29","unstructured":"National Institute of Standards and Technology (2012), \u201cComputer security incident handling guide\u201d, in Commerce, U.S.D.O. (Ed.), 2nd edn., National Institute of Standards and Technology, Gaithersburg."},{"key":"key2020121800460289500_b30","unstructured":"Passeri, P. (2013), \u201c2013 Top 20 Breaches\u201d, available at: http:\/\/hackmageddon.com\/2013\/12\/30\/2013-top-20-breaches\/ (accessed 7 March 2014)."},{"key":"key2020121800460289500_b31","doi-asserted-by":"crossref","unstructured":"Patell, J. M. (1976), \u201cCorporate forecasts of earnings per share and stock price behavior: empirical test\u201d, Journal of Accounting Research , Vol. 14 No. 2, pp. 246-276.","DOI":"10.2307\/2490543"},{"key":"key2020121800460289500_b32","doi-asserted-by":"crossref","unstructured":"Pearson, K. (1900), \u201cX. On the criterion that a given system of deviations from the probable in the case of a correlated system of variables is such that it can be reasonably supposed to have arisen from random sampling\u201d, Philosophical Magazine Series , Vol. 50 No. 302, pp. 157-175.","DOI":"10.1080\/14786440009463897"},{"key":"key2020121800460289500_b33","unstructured":"Ponemon Institute (2014), Cost of Data Breach Study , Ponemon Institute LLC, Michigan."},{"key":"key2020121800460289500_b34","doi-asserted-by":"crossref","unstructured":"Scholes, M. and Williams, J. (1977), \u201cEstimating betas from nonsynchronous data\u201d, Journal of Financial Economics , Vol. 5 No. 3, pp. 309-327.","DOI":"10.1016\/0304-405X(77)90041-1"},{"key":"key2020121800460289500_b35","doi-asserted-by":"crossref","unstructured":"Shapiro, S.S. and Wilk, M.B. (1965), \u201cAn analysis of variance test for normality (complete samples)\u201d, Biometrika , Vol. 52 Nos 3\/4, pp. 591-611.","DOI":"10.1093\/biomet\/52.3-4.591"},{"key":"key2020121800460289500_b36","unstructured":"Smedinghoff, T. J. (2006), Where we\u2019re Headed\u2013New Developments and Trends in the Law of Information Security, Wildman Harrold News & Publications, available at: www.edwardswildman.com\/Files\/Publication\/867dcafd-bdae-4c33-affe-68ea2ad688c0\/Presentation\/PublicationAttachment\/2e55edad-c12b-4e47-8df8-e31faee30d1b\/Where_We\u2019re_Headed_-_New_Developments_and_Trends_in_the_Law_of_Information_Securit.pdf (accessed 20 November 2013)."},{"key":"key2020121800460289500_b37","doi-asserted-by":"crossref","unstructured":"Telang, R. and Wattal, S. (2007), \u201cAn empirical analysis of the impact of software vulnerability announcements on firm stock price\u201d, IEEE Transactions on Software Engineering , Vol. 33 No. 8, pp. 544-557.","DOI":"10.1109\/TSE.2007.70712"},{"key":"key2020121800460289500_b38","unstructured":"Wang, T. , Rees, J. and Kannan, K. (2007), \u201cReading the disclosures with new eyes: bridging the gap between information security disclosures and incidents\u201d, Seventh Workshop on the Economics of Information Security , Hanover, NH."},{"key":"key2020121800460289500_b39","unstructured":"Widup, S. (2012), \u201cClosing the vault door\u201d, available at: http:\/\/theleakingvault.com\/closing-the-vault-door (accessed 2 November 2013)."},{"key":"key2020121800460289500_b40","doi-asserted-by":"crossref","unstructured":"Wilcoxon, F. (1945), \u201cIndividual comparisons by ranking methods\u201d, Biometrics Bulletin , Vol. 1 No. 6, pp. 80-83.","DOI":"10.2307\/3001968"},{"key":"key2020121800460289500_b41","doi-asserted-by":"crossref","unstructured":"Yayla, A.A. and Hu, Q. (2011), \u201cThe impact of information security events on the stock value of firms: the effect of contingency factors\u201d, Journal of Information Technology , Vol. 26 No. 1, pp. 60-77.","DOI":"10.1057\/jit.2010.4"},{"key":"key2020121800460289500_b42","doi-asserted-by":"crossref","unstructured":"Zimmerman, D.W. (1994), \u201cA note on the influence of outliers on parametric and nonparametric tests\u201d, The Journal of General Psychology , Vol. 121 No. 4, pp. 391-401.","DOI":"10.1080\/00221309.1994.9921213"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-03-2014-0020","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-03-2014-0020\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-03-2014-0020\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:44Z","timestamp":1753406564000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/24\/1\/73-92\/108761"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,3,14]]},"references-count":42,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2016,3,14]]}},"alternative-id":["10.1108\/ICS-03-2014-0020"],"URL":"https:\/\/doi.org\/10.1108\/ics-03-2014-0020","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2016,3,14]]}}}