{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T18:11:02Z","timestamp":1767895862746,"version":"3.49.0"},"reference-count":64,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2021,4,8]],"date-time":"2021-04-08T00:00:00Z","timestamp":1617840000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,8,17]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>This study aims to evaluate changes to the financial performance of organizations in the 1\u20134 quarters following a data breach event. The study introduces two new variables, \u201cintangible assets\u201d and \u201cextraordinary losses\u201d to the discussion on the impact of data breaches on an organization\u2019s financial performance. Intangible assets allow us to gauge the data breach\u2019s impact on the organization\u2019s brand reputation and intellectual capital reserves. Extraordinary losses allow us to gauge if organizations considered data breaches truly detrimental to their operations that they rose to the level of \u201cextraordinary\u201d and not an event that could be incorporated into its usual operating expenses.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>This study uses a matched sample comparison analysis of 47 organizations to understand the short-term and long-term impacts of data breach events on an organization\u2019s financial performance.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>Data breach events have some negative impacts on the organization\u2019s profitability more than likely leading to a depletion of the organization\u2019s assets. However, organizations do not perform better or worse in the short-term or long-term due to a data breach event; the organizations can be considered financially sustainable in the 1\u20134 quarters following a data breach disclosure.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>This study takes two approaches to theory development. The first approach extends the current literature on data breach events as negative, value declining events to the organization\u2019s performance, which is referred to as the \u201ctraditional view.\u201d The second view posits that a data breach event may be a catalyst for enhanced long-term organization performance; this is referred to as the organizational sustainability and resiliency view.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-10-2020-0161","type":"journal-article","created":{"date-parts":[[2021,4,9]],"date-time":"2021-04-09T04:51:46Z","timestamp":1617943906000},"page":"500-525","source":"Crossref","is-referenced-by-count":10,"title":["After the disclosure: measuring the short-term and long-term impacts of data breach disclosures on the financial performance of organizations"],"prefix":"10.1108","volume":"29","author":[{"given":"Atiya","family":"Avery","sequence":"first","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2021,4,8]]},"reference":[{"key":"key2021081408083591700_ref001","first-page":"94","article-title":"Is there a cost to privacy breaches? An event study","year":"2006"},{"key":"key2021081408083591700_ref002","unstructured":"Associated Press (2014), \u201cHome depot profit rises despite data breach\u201d, Los Angeles Times, November 18, available at: www.latimes.com\/business\/la-fi-home-depot-earns-20141118-story.html"},{"issue":"71","key":"key2021081408083591700_ref003","first-page":"183","article-title":"Financial benefits from JIT adoption: effects of customer concentration and cost structure","volume":"2","year":"1996","journal-title":"The Accounting Review"},{"issue":"3","key":"key2021081408083591700_ref004","doi-asserted-by":"crossref","first-page":"359","DOI":"10.1016\/0304-405X(96)84701-5","article-title":"Detecting abnormal operating performance: the empirical power and specification of test statistics","volume":"41","year":"1996","journal-title":"Journal of Financial Economics"},{"issue":"1","key":"key2021081408083591700_ref05a","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1108\/09534810010310258","article-title":"From threat\u2010rigidity to flexibility\u2010toward a learning model of autogenic crisis in organizations","volume":"13","year":"2000","journal-title":"Journal of Organizational Change Management"},{"issue":"1","key":"key2021081408083591700_ref005","doi-asserted-by":"crossref","first-page":"169","DOI":"10.2307\/3250983","article-title":"A resource based perspective on information technology capability and firm performance: an empirical investigation","volume":"24","year":"2000","journal-title":"Mis Quarterly"},{"key":"key2021081408083591700_ref006","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1016\/j.dss.2014.04.006","article-title":"Do phishing alerts impact global corporations? A firm value analysis","volume":"64","year":"2014","journal-title":"Decision Support Systems"},{"issue":"6","key":"key2021081408083591700_ref007","first-page":"648","article-title":"Business model innovation and organizational resilience: towards an integrated conceptual framework","volume":"86","year":"2016","journal-title":"Journal of Business Economics"},{"issue":"5","key":"key2021081408083591700_ref008","doi-asserted-by":"crossref","first-page":"875","DOI":"10.2307\/3069319","article-title":"Comparing alternative conceptualizations of functional diversity in management teams: process and performance effects","volume":"45","year":"2002","journal-title":"Academy of Management Journal"},{"issue":"1","key":"key2021081408083591700_ref009","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1080\/10864415.2004.11044320","article-title":"The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers","volume":"9","year":"2004","journal-title":"International Journal of Electronic Commerce"},{"issue":"1","key":"key2021081408083591700_ref010","doi-asserted-by":"crossref","first-page":"35","DOI":"10.5465\/amr.1982.4285438","article-title":"Adaptation: a promising metaphor for strategic management","volume":"7","year":"1982","journal-title":"Academy of Management Review"},{"issue":"2","key":"key2021081408083591700_ref011","doi-asserted-by":"crossref","first-page":"456","DOI":"10.1016\/j.chb.2011.10.017","article-title":"Did IT consulting firms gain when their clients were breached?","volume":"28","year":"2012","journal-title":"Computers in Human Behavior"},{"key":"key2021081408083591700_ref012","volume-title":"Compustat Monthly Updates \u2013 Fundamentals Quarterly","author":"Compustat","year":"2016"},{"key":"key2021081408083591700_ref013","unstructured":"Coutu, D.L. (2002), \u201cHow resilience works\u201d, Harvard Business Review, pp. 46-56, available at: https:\/\/hbr.org\/2002\/05\/how-resilience-works"},{"key":"key2021081408083591700_ref014","volume-title":"Intellectual Capital \u2013 How to Measure the Value of Invisible Assets in the Information Age (DR Lin Trans.)","year":"1999"},{"issue":"1","key":"key2021081408083591700_ref015","doi-asserted-by":"crossref","first-page":"84","DOI":"10.2307\/2393701","article-title":"Accelerating adaptive processes: product innovation in the global computer industry","volume":"40","year":"1995","journal-title":"Administrative Science Quarterly"},{"issue":"2","key":"key2021081408083591700_ref016","doi-asserted-by":"crossref","first-page":"71","DOI":"10.2308\/jis.2003.17.2.71","article-title":"Information transfer among internet firms: the case of hacker attacks","volume":"17","year":"2003","journal-title":"Journal of Information Systems"},{"issue":"2","key":"key2021081408083591700_ref017","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1108\/09685220310468646","article-title":"Quantifying the financial impact of IT security breaches","volume":"11","year":"2003","journal-title":"Information Management and Computer Security"},{"issue":"1","key":"key2021081408083591700_ref018","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1111\/j.1540-6296.2010.01178.x","article-title":"The effect of data breaches on shareholder wealth","volume":"13","year":"2010","journal-title":"Risk Management and Insurance Review"},{"issue":"2","key":"key2021081408083591700_ref019","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1093\/cybsec\/tyx009","article-title":"Strategic news bundling and privacy breach disclosures","volume":"3","year":"2017","journal-title":"Journal of Cybersecurity"},{"issue":"4","key":"key2021081408083591700_ref020","doi-asserted-by":"crossref","first-page":"26","DOI":"10.2307\/41165963","article-title":"Commitment versus flexibility?","volume":"40","year":"1998","journal-title":"California Management Review"},{"key":"key2021081408083591700_ref021","volume-title":"Financial Reporting and Analysis","year":"2007"},{"issue":"1","key":"key2021081408083591700_ref022","first-page":"37","article-title":"The impact of federal and state notification laws on security breach announcements","volume":"34","year":"2014","journal-title":"Communications of the Association for Information Systems"},{"key":"key2021081408083591700_ref023","unstructured":"Hackett, R. (2015), \u201cHow much do data breaches cost big companies? Shockingly little\u201d, Fortune, March 27, available at: https:\/\/fortune.com\/2015\/03\/27\/how-much-do-data-breaches-actually-cost-big-companies-shockingly-little\/"},{"key":"key2021081408083591700_ref058","article-title":"The economic cost of cybersecurity breaches: a broad-based analysis","year":"2019"},{"key":"key2021081408083591700_ref024","unstructured":"Herman, B. (2016), \u201cDetails of anthem\u2019s massive cyberattack remain in the dark a year later\u201d, ModernHealthcare.com, March 30th, available at: www.modernhealthcare.com\/article\/20160330\/NEWS\/160339997\/details-of-anthem-s-massive-cyberattack-remain-in-the-dark-a-year-later#:\u223c:text=Details%20of%20Anthem's%20massive%20cyberattack%20remain%20in%20the%20dark%20a%20year%20later,-Bob%20Herman&text=The%20FBI%20is%20still%20investigating,allegedly%20has%20not%20been%20taken"},{"issue":"3","key":"key2021081408083591700_ref025","doi-asserted-by":"crossref","first-page":"337","DOI":"10.1016\/j.im.2014.12.006","article-title":"The influence of data theft on the share prices and systematic risk of consumer electronics companies","volume":"52","year":"2015","journal-title":"Information and Management"},{"issue":"2","key":"key2021081408083591700_ref026","doi-asserted-by":"crossref","first-page":"121","DOI":"10.2307\/249475","article-title":"Productivity, business profitability, and consumer surplus: three different measures of information technology value","volume":"20","year":"1996","journal-title":"Mis Quarterly"},{"issue":"2","key":"key2021081408083591700_ref029a","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1046\/J.1098-1616.2003.026.x","article-title":"The impact of denial\u2010of\u2010service attack announcements on the market value of firms","volume":"6","year":"2003","journal-title":"Risk Management and Insurance Review"},{"issue":"3","key":"key2021081408083591700_ref030a","doi-asserted-by":"crossref","first-page":"370","DOI":"10.2307\/2392714","article-title":"Discerning threats and opportunities","volume":"33","year":"1988","journal-title":"Administrative Science Quarterly"},{"key":"key2021081408083591700_ref027","unstructured":"Kedmey, D. (2014), \u201cTarget expects $148 million loss from data breach\u201d, Time, August 6, available at: https:\/\/time.com\/3086359\/target-data-breach-loss\/#:\u223c:text=Target%20estimates%20that%20losses,million%2C%20the%20company%20said%20Tuesday"},{"issue":"2","key":"key2021081408083591700_ref028","first-page":"13","article-title":"The impact of information security breaches on financial performance of the breached firms: an empirical investigation","volume":"17","year":"2006","journal-title":"Journal of Information Technology Management"},{"issue":"2","key":"key2021081408083591700_ref029","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/irmj.2009040101","article-title":"Investigating the impact of publicly announced information security breaches on three performance indicators of the breached firms","volume":"22","year":"2009","journal-title":"Information Resources Management Journal"},{"issue":"1","key":"key2021081408083591700_ref030","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1080\/030851400360541","article-title":"Maximizing shareholder value: a new ideology for corporate governance","volume":"29","year":"2000","journal-title":"Economy and Society"},{"key":"key2021081408083591700_ref031","unstructured":"Legere, J. (2015), \u201cT-Mobile CEO on Experian's Data Breach\u201d, T-Mobile, available at: www.t-mobile.com\/news\/blog\/experian-data-breach"},{"key":"key2021081408083591700_ref036a","unstructured":"McCann, J. (2004), \u201cOrganizational effectiveness: changing concepts for changing environments\u201d, People and Strategy, Vol. 27 No. 1, p. 42."},{"key":"key2021081408083591700_ref032","unstructured":"McGinty, K. (2015), \u201cTarget data breach price tag: $252 million and counting\u201d, National law review, V(57), February 26, available at: www.natlawreview.com\/article\/target-data-breach-price-tag-252-million-and-counting"},{"key":"key2021081408083591700_ref033","unstructured":"Malliouris, D. and Simpson, A. (2019), \u201cThe stock market impact of information security\u201d, The 2019 Workshop on the Economics of Information Security (p. Paper 22), Workshop on the Economics of Information Security, Boston, available at: https:\/\/weis2019.econinfosec.org\/wp-content\/uploads\/sites\/6\/2019\/05\/WEIS_2019_paper_22.pdf"},{"key":"key2021081408083591700_ref034","first-page":"261","article-title":"Organizational responses to crisis: the centrality in trust","volume-title":"Trust in Organizations","year":"1996"},{"issue":"1","key":"key2021081408083591700_ref035","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1016\/j.jom.2014.10.003","article-title":"Shareholder value implications of service failures in triads: the case of customer information security breaches","volume":"35","year":"2015","journal-title":"Journal of Operations Management"},{"key":"key2021081408083591700_ref036","volume-title":"Counterfactuals and Causal Inference: Methods and Principles for Social Research (Analytical Methods for Social Research)","year":"2007"},{"key":"key2021081408083591700_ref037","unstructured":"Murciano-Goroff, R. (2019), \u201cDo data breach disclosures laws increase firms investment in securing their digital infrastructure\u201d, The 2019 Workshop on the Economics of Information Security (p. Paper 33), Workshop on the Economics of Information Security, Boston, available at: https:\/\/weis2019.econinfosec.org\/wp-content\/uploads\/sites\/6\/2019\/05\/WEIS_2019_paper_33.pdf"},{"key":"key2021081408083591700_ref038","unstructured":"Northwestern University (1997), \u201cPROPHET StatGuide: Two-sample paired (Wilcoxon) signed rank test\u201d, PROPHET StatGuide, available at: www.basic.northwestern.edu\/statguidefiles\/srank_paired.html"},{"key":"key2021081408083591700_ref039","unstructured":"Osborne, C. and Day, Z. (2015), \u201cAnthem data breach cost likely to smash $100 million barrier\u201d, ZDNet, February 2015, available at: www.zdnet.com\/article\/anthem-data-breach-cost-likely-to-smash-100-million-barrier\/#:\u223c:text=The%20financial%20consequences%20of%20Anthem's,of%20up%20to%20%24100%20million."},{"key":"key2021081408083591700_ref040","unstructured":"Pang, M. and Tanriverdi, H. (2019), \u201cSecurity breaches in the U.S. Federal government\u201d, The 2017 Workshop on the Economics of Information Security (p. Paper 52). La Jolla: Workshop on the Economics of Information Security, available at: https:\/\/weis2017.econinfosec.org\/wp-content\/uploads\/sites\/3\/2017\/05\/WEIS_2017_paper_52.pdf"},{"issue":"4\/5","key":"key2021081408083591700_ref041","first-page":"257","article-title":"The relation between information security events and firm market value, empirical evidence on recent disclosures: an extension of the GLZ study","volume":"19","year":"2014","journal-title":"Journal of Information Security and Applications"},{"key":"key2021081408083591700_ref042","unstructured":"Purdue University (2010), \u201cStatistical Consultant System\u201d, The Wilcoxon signed-rank test, available at: www.stat.purdue.edu\/\u223ctqin\/system101\/method\/method_wilcoxon_signed_rank_sas.htm"},{"issue":"4","key":"key2021081408083591700_ref043","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1080\/07421222.2005.11045820","article-title":"Effect of information systems resources and capabilities on firm performance: a resource-based perspective","volume":"21","year":"2005","journal-title":"Journal of Management Information Systems"},{"key":"key2021081408083591700_ref044","unstructured":"Safdar, K. and Beilfuss, L. (2016), \u201cTarget gives weak forecast as sales decline\u201d, The Wall Street Journal, May 16, available at: www.wsj.com\/articles\/target-sales-decline-profit-edges-lower-1463572937"},{"issue":"1","key":"key2021081408083591700_ref045","first-page":"125","article-title":"Issues in linking information technology capability to firm performance","volume":"24","year":"2003","journal-title":"Management Information Systems Quarterly"},{"key":"key2021081408083591700_ref046","volume-title":"The Fifth Discipline: Strategies and Tools for Building a Learning Organization","year":"1994"},{"issue":"5","key":"key2021081408083591700_ref047","doi-asserted-by":"crossref","first-page":"936","DOI":"10.5465\/amj.2008.34789660","article-title":"Gone but not lost: the different performance impacts of employee mobility between cooperators versus competitors","volume":"51","year":"2008","journal-title":"Academy of Management Journal"},{"issue":"1","key":"key2021081408083591700_ref048","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1111\/j.1468-5973.2009.00558.x","article-title":"Measuring resilience potential: an adaptive strategy for organizational crisis planning","volume":"17","year":"2009","journal-title":"Journal of Contingencies and Crisis Management"},{"key":"key2021081408083591700_ref049","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1016\/j.cose.2015.12.006","article-title":"The impact of information security events to the stock market: a systematic literature review","volume":"58","year":"2016","journal-title":"Computers and Security"},{"key":"key2021081408083591700_ref050","first-page":"94","article-title":"Organizing for resilience","volume-title":"Positive Organizational Scholarship: Foundations of a New Discipline","year":"2003"},{"key":"key2021081408083591700_ref051","unstructured":"T-Mobile (2016), \u201cT-mobile delivers unparalleled financial results \u2013 tops revenue and adjusted ebitda estimates\u201d, T-Mobile Media Kits, available at: www.t-mobile.com\/news\/press\/t-mobile-delivers-unparalleled-financial-results-tops-revenue"},{"issue":"3","key":"key2021081408083591700_ref052","doi-asserted-by":"crossref","first-page":"499","DOI":"10.1177\/135050849963007","article-title":"David and goliath in the risk society: making sense of the conflict between shell and Greenpeace in the North sea","volume":"6","year":"1999","journal-title":"Organization"},{"issue":"2","key":"key2021081408083591700_ref053","doi-asserted-by":"crossref","first-page":"148","DOI":"10.1108\/14691930110385937","article-title":"ICBS-intellectual capital benchmarking system","volume":"2","year":"2001","journal-title":"Journal of Intellectual Capital"},{"key":"key2021081408083591700_ref054","first-page":"3418","article-title":"Organizational resilience: towards a theory and research agenda","volume-title":"Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics","year":"2007"},{"issue":"1","key":"key2021081408083591700_ref055","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1057\/jit.2010.4","article-title":"The impact of information security events on the stock value of firms: the effect of contingency factors","volume":"26","year":"2011","journal-title":"Journal of Information Technology"},{"issue":"1","key":"key2021081408083591700_ref056","doi-asserted-by":"crossref","first-page":"21","DOI":"10.4018\/irmj.2012010102","article-title":"Financial impact of information security breaches on breached firms and their non-breached competitors","volume":"25","year":"2012","journal-title":"Information Resources Management Journal"},{"issue":"1","key":"key2021081408083591700_ref057","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1287\/isre.1070.0160","article-title":"User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach","volume":"20","year":"2009","journal-title":"Information Systems Research"},{"issue":"3","key":"key2021081408083591700_ref059","first-page":"44","article-title":"Building agility, resilience and performance in turbulent environments","volume":"32","year":"2009","journal-title":"People and Strategy"},{"key":"key2021081408083591700_ref060","unstructured":"Privacy Rights Clearinghouse (2016), \u201cIdentity theft and data breaches\u201d, available at: www.privacyrights.org\/topics\/7"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2020-0161\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2020-0161\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:15Z","timestamp":1753406595000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/3\/500-525\/225396"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,8]]},"references-count":64,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2021,4,8]]},"published-print":{"date-parts":[[2021,8,17]]}},"alternative-id":["10.1108\/ICS-10-2020-0161"],"URL":"https:\/\/doi.org\/10.1108\/ics-10-2020-0161","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2021,4,8]]}}}