{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T10:14:35Z","timestamp":1779272075689,"version":"3.51.4"},"reference-count":68,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2021,6,10]],"date-time":"2021-06-10T00:00:00Z","timestamp":1623283200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JEIM"],"published-print":{"date-parts":[[2022,3,8]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>Today, information systems and technology provides a wide set of tools for companies to increase the efficiency of their businesses. Although technology offers many benefits to businesses, it also brings risks as the information systems security breaches. Security breaches and their financial impact is a constant concern of the researchers and practitioners. This paper explores information systems breaches and their financial impacts on the publicly traded companies in different sectors.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>After a comprehensive data collection process, data from 192 events are analyzed by employing Event Study Methodology and a comparison of the results between the four highly affected sectors (Consumer Goods, Technology, Financial and Communications) is presented. The abnormal returns on the prices of stocks after the events are calculated with the Market Model. Also, the results of the Market Adjusted Model and Mean Adjusted Model are presented to support the results.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>While information systems security breaches have a significant negative impact on the Financials and the Technology sectors for all the event windows in the study ([\u22125, 0], [\u22125, 1], [\u22125, 5], and [\u22125, 10]), the significant negative impact is observed only on the [\u22125, 5] and [\u22125, 10] event windows for the Consumer Goods sector. No significant negative impact is observed in the Communications sector, in fact, the cumulative abnormal returns are positive for this sector.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>The contribution of this paper to provide evidence about the financial impacts of the information systems breaches for businesses in different sectors. While there are studies that have previously focused on the information systems breaches and their financial impacts on businesses, to the best of our knowledge, this is the first study that compares this effect between the four highly impacted sectors. With a relatively larger sample size and broader event windows than the past studies in the literature, statistical evidence is provided to managers to justify their investments in information security and build preventive measures to secure the market value of their firms.<\/jats:p><\/jats:sec>","DOI":"10.1108\/jeim-11-2020-0450","type":"journal-article","created":{"date-parts":[[2021,6,10]],"date-time":"2021-06-10T09:27:30Z","timestamp":1623317250000},"page":"650-668","source":"Crossref","is-referenced-by-count":12,"title":["The financial impacts of information systems security breaches on publicly traded companies: reactions of different sectors"],"prefix":"10.1108","volume":"35","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1708-2490","authenticated-orcid":false,"given":"Cansu","family":"Tayaksi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4439-0966","authenticated-orcid":false,"given":"Erhan","family":"Ada","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yigit","family":"Kazancoglu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0799-0348","authenticated-orcid":false,"given":"Muhittin","family":"Sagnak","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","published-online":{"date-parts":[[2021,6,10]]},"reference":[{"key":"key2022092111185459400_ref001","first-page":"1563","article-title":"Is there a cost to privacy breaches? An event study","year":"2006"},{"issue":"6","key":"key2022092111185459400_ref002","doi-asserted-by":"crossref","first-page":"702","DOI":"10.1108\/JEIM-07-2013-0039","article-title":"Privacy by design and customers' perceived privacy and security concerns in the success of e-commerce","volume":"26","year":"2013","journal-title":"Journal of Enterprise Information Management"},{"key":"key2022092111185459400_ref003","doi-asserted-by":"crossref","first-page":"208","DOI":"10.1016\/j.jbusres.2019.01.036","article-title":"Opening editorial: contemporary business risks: an overview and new research agenda","volume":"97","year":"2019","journal-title":"Journal of Business Research"},{"issue":"3","key":"key2022092111185459400_ref004","doi-asserted-by":"crossref","first-page":"1177","DOI":"10.1007\/s11142-018-9452-4","article-title":"Do firms underreport information on cyber-attacks? Evidence from capital markets","volume":"23","year":"2018","journal-title":"Review of Accounting Studies"},{"issue":"3","key":"key2022092111185459400_ref005","doi-asserted-by":"crossref","first-page":"703","DOI":"10.1016\/j.eswa.2006.01.020","article-title":"Exploring the characteristics of Internet security breaches that impact the market value of breached firms","volume":"32","year":"2007","journal-title":"Expert Systems with Applications"},{"key":"key2022092111185459400_ref006","first-page":"175","article-title":"How does Cyber Crime affect firms? The effect of information security breaches on stock returns","year":"2017"},{"key":"key2022092111185459400_ref007","first-page":"3305","article-title":"The economic impact of information security breaches: firm value and intraindustry effects","year":"2006"},{"key":"key2022092111185459400_ref008","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1016\/S2212-5671(15)01077-1","article-title":"Cyber-attacks\u2013trends, patterns and security countermeasures","volume":"28","year":"2015","journal-title":"Procedia Economics and Finance"},{"issue":"1","key":"key2022092111185459400_ref009","first-page":"1","article-title":"Security breaches and firm value","volume":"5","year":"2010","journal-title":"Journal of Business Valuation and Economic Loss Analysis"},{"issue":"3","key":"key2022092111185459400_ref010","doi-asserted-by":"crossref","first-page":"753","DOI":"10.1016\/j.dss.2013.03.001","article-title":"The impact of adoption of identity theft countermeasures on firm value","volume":"55","year":"2013","journal-title":"Decision Support Systems"},{"key":"key2022092111185459400_ref011","volume-title":"The Econometrics of Financial Markets","year":"1997"},{"issue":"3","key":"key2022092111185459400_ref012","doi-asserted-by":"crossref","first-page":"431","DOI":"10.3233\/JCS-2003-11308","article-title":"The economic cost of publicly announced information security breaches: empirical evidence from the stock market","volume":"11","year":"2003","journal-title":"Journal of Computer Security"},{"key":"key2022092111185459400_ref013","first-page":"1","article-title":"The economic impact of security breaches on publicly traded corporations: an empirical investigation","year":"2012"},{"issue":"1","key":"key2022092111185459400_ref014","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1080\/10864415.2004.11044320","article-title":"The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers","volume":"9","year":"2004","journal-title":"International Journal of Electronic Commerce"},{"issue":"4","key":"key2022092111185459400_ref015","doi-asserted-by":"crossref","first-page":"651","DOI":"10.1016\/j.dss.2010.08.017","article-title":"Firms' information security investment decisions: stock market evidence of investors' behavior","volume":"50","year":"2011","journal-title":"Decision Support Systems"},{"issue":"1","key":"key2022092111185459400_ref016","doi-asserted-by":"crossref","first-page":"43","DOI":"10.2307\/3250958","article-title":"Examining the shareholder wealth effects of announcements of newly created CIO positions","volume":"25","year":"2001","journal-title":"MIS Quarterly"},{"issue":"1","key":"key2022092111185459400_ref017","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1287\/isre.4.1.1","article-title":"The impact of information technology investment announcements on the market values of the firms","volume":"4","year":"1993","journal-title":"Information Systems Research"},{"issue":"2","key":"key2022092111185459400_ref018","doi-asserted-by":"crossref","first-page":"285","DOI":"10.2753\/MIS0742-1222310210","article-title":"Understanding employee responses to stressful information security requirements: a coping perspective","volume":"31","year":"2014","journal-title":"Journal of Management Information Systems"},{"key":"key2022092111185459400_ref019","volume-title":"Global Information Security Survey 2008","author":"Ernst and Young","year":"2008"},{"issue":"2","key":"key2022092111185459400_ref020","doi-asserted-by":"crossref","first-page":"71","DOI":"10.2308\/jis.2003.17.2.71","article-title":"Information transfer among internet firms: the case of hacker attacks","volume":"17","year":"2003","journal-title":"Journal of Information Systems"},{"issue":"6","key":"key2022092111185459400_ref021","doi-asserted-by":"crossref","first-page":"564","DOI":"10.1016\/j.jaccpubpol.2018.10.006","article-title":"Trade secrets and cyber security breaches","volume":"37","year":"2018","journal-title":"Journal of Accounting and Public Policy"},{"issue":"2","key":"key2022092111185459400_ref022","first-page":"383","article-title":"Efficient capital markets: a review of theory and empirical work","volume":"25","year":"1970","journal-title":"The Journal of Finance"},{"issue":"5","key":"key2022092111185459400_ref023","doi-asserted-by":"crossref","first-page":"1575","DOI":"10.1111\/j.1540-6261.1991.tb04636.x","article-title":"Efficient capital markets: II","volume":"46","year":"1991","journal-title":"The Journal of Finance"},{"issue":"1","key":"key2022092111185459400_ref024","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1111\/j.1540-6296.2010.01178.x","article-title":"The effect of data breaches on shareholder wealth","volume":"13","year":"2010","journal-title":"Risk Management and Insurance Review"},{"issue":"7","key":"key2022092111185459400_ref025","doi-asserted-by":"crossref","first-page":"404","DOI":"10.1016\/j.im.2009.06.005","article-title":"Estimating the market impact of security breach announcements on firm values","volume":"46","year":"2009","journal-title":"Information and Management"},{"issue":"4","key":"key2022092111185459400_ref026","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","article-title":"The economics of information security investment","volume":"5","year":"2002","journal-title":"ACM Transactions on Information and System Security"},{"issue":"3","key":"key2022092111185459400_ref027","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1145\/636772.636774","article-title":"A framework for using insurance for cyber-risk management","volume":"46","year":"2003","journal-title":"Communications of the ACM"},{"issue":"1","key":"key2022092111185459400_ref028","doi-asserted-by":"crossref","first-page":"33","DOI":"10.3233\/JCS-2009-0398","article-title":"The impact of information security breaches: has there been a downward shift in costs?","volume":"19","year":"2011","journal-title":"Journal of Computer Security"},{"key":"key2022092111185459400_ref029","volume-title":"Cybercrime Costs More than You Think","author":"Hamilton Place Strategies","year":"2015"},{"key":"key2022092111185459400_ref030","volume-title":"CISSP All-In-One Exam Guide","year":"2010"},{"issue":"3","key":"key2022092111185459400_ref031","doi-asserted-by":"crossref","first-page":"415","DOI":"10.1287\/mnsc.42.3.415","article-title":"Quality awards and the market value of the firm: an empirical investigation","volume":"42","year":"1996","journal-title":"Management Science"},{"key":"key2022092111185459400_ref032","doi-asserted-by":"crossref","unstructured":"Hiscox (2020), \u201cHiscox cyber readiness report 2020 (online)\u201d, available at: https:\/\/www.hiscox.com\/sites\/default\/files\/content\/documents\/2020-Hiscox-Cyber-Readiness-Report_USA.pdf (accessed 5 April 2021).","DOI":"10.1016\/S1361-3723(21)00049-X"},{"key":"key2022092111185459400_ref033","doi-asserted-by":"crossref","unstructured":"Hogan, K.M., Olson, G.T. and Angelina, M. (2020), \u201cA comprehensive analysis of cyber data breaches and their resulting effects on shareholder wealth\u201d, available at: https:\/\/ssrn.com\/abstract=3589701 or http:\/\/dx.doi.org\/10.2139\/ssrn.3589701.","DOI":"10.2139\/ssrn.3589701"},{"issue":"2","key":"key2022092111185459400_ref034","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1046\/J.1098-1616.2003.026.x","article-title":"The impact of denial\u2010of\u2010service attack announcements on the market value of firms","volume":"6","year":"2003","journal-title":"Risk Management and Insurance Review"},{"issue":"3","key":"key2022092111185459400_ref035","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1201\/1086\/44530.13.3.20040701\/83067.5","article-title":"The impact of virus attack announcements on the market value of firms","volume":"13","year":"2004","journal-title":"Information Systems Security"},{"issue":"5","key":"key2022092111185459400_ref036","doi-asserted-by":"crossref","first-page":"681","DOI":"10.1016\/j.im.2018.11.003","article-title":"Information security breaches and IT security investments: impacts on competitors","volume":"56","year":"2019","journal-title":"Information and Management"},{"issue":"3","key":"key2022092111185459400_ref037","first-page":"719","article-title":"Risk management, firm reputation, and the impact of successful cyberattacks on target firms","volume":"139","year":"2020","journal-title":"Journal of Financial Economics"},{"issue":"1","key":"key2022092111185459400_ref038","doi-asserted-by":"crossref","first-page":"69","DOI":"10.2753\/JEC1086-4415120103","article-title":"Market reactions to information security breach announcements: an empirical analysis","volume":"12","year":"2007","journal-title":"International Journal of Electronic Commerce"},{"key":"key2022092111185459400_ref039","doi-asserted-by":"publisher","DOI":"10.1108\/JEIM-06-2020-0240","article-title":"Antecedents for enhanced level of cyber-security in organisations","year":"2020","journal-title":"Journal of Enterprise Information Management"},{"key":"key2022092111185459400_ref040","article-title":"Why data breaches don't hurt stock prices","volume":"31","year":"2015","journal-title":"Harvard Business Review"},{"key":"key2022092111185459400_ref041","volume-title":"Global IT Security Risks: 2012","year":"2012"},{"key":"key2022092111185459400_ref042","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1016\/j.cose.2014.05.006","article-title":"A multi-level approach to understanding the impact of Cyber Crime on the financial sector","volume":"45","year":"2014","journal-title":"Computers and Security"},{"key":"key2022092111185459400_ref043","volume-title":"The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments","year":"2006","edition":"2nd ed."},{"issue":"2","key":"key2022092111185459400_ref044","doi-asserted-by":"crossref","first-page":"173","DOI":"10.2307\/249574","article-title":"Threats to information systems: today's reality, yesterday's understanding","volume":"16","year":"1992","journal-title":"MIS Quarterly"},{"issue":"1","key":"key2022092111185459400_ref045","first-page":"13","article-title":"Event studies in economics and finance","volume":"35","year":"1997","journal-title":"Journal of Economic Literature"},{"issue":"1","key":"key2022092111185459400_ref046","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1177\/1094670510383409","article-title":"Evaluating customer information breaches as service failures: an event study approach","volume":"14","year":"2011","journal-title":"Journal of Service Research"},{"key":"key2022092111185459400_ref047","volume-title":"Stung by Security Flaws, Microsoft Makes Software Safety a Top Goal","year":"2002"},{"issue":"4","key":"key2022092111185459400_ref048","first-page":"580","article-title":"Time varying effects of cyberattacks on firm value. The Geneva Papers on Risk and Insurance","volume":"45","year":"2020","journal-title":"Issues and Practice"},{"issue":"3","key":"key2022092111185459400_ref049","doi-asserted-by":"crossref","first-page":"626","DOI":"10.2307\/257056","article-title":"Event studies in management research: theoretical and empirical issues","volume":"40","year":"1997","journal-title":"Academy of Management Journal"},{"issue":"6","key":"key2022092111185459400_ref050","first-page":"263","article-title":"Market price effects of data security breaches","volume":"20","year":"2011","journal-title":"Information Security Journal: A Global Perspective"},{"key":"key2022092111185459400_ref051","first-page":"800","volume-title":"Security and Privacy Controls for Federal Information Systems and Organizations","author":"NIST (National Institute of Standards and Technology)","year":"2013"},{"issue":"6","key":"key2022092111185459400_ref052","doi-asserted-by":"crossref","first-page":"677","DOI":"10.1108\/17410390710830727","article-title":"Information risks management in supply chains: an assessment and mitigation framework","volume":"20","year":"2007","journal-title":"Journal of Enterprise Information Management"},{"issue":"3","key":"key2022092111185459400_ref053","first-page":"36","article-title":"Event studies: a review of issues and methodology","volume":"28","year":"1989","journal-title":"Quarterly Journal of Business and Economics"},{"issue":"4","key":"key2022092111185459400_ref054","first-page":"257","article-title":"The relation between information security events and firm market value, empirical evidence on recent disclosures: an extension of the GLZ study","volume":"19","year":"2014","journal-title":"Journal of Information Security and Applications"},{"key":"key2022092111185459400_ref055","volume-title":"CSI Computer Crime and Security Survey","year":"2008"},{"issue":"3","key":"key2022092111185459400_ref056","doi-asserted-by":"crossref","first-page":"227","DOI":"10.2308\/isys-52379","article-title":"Much ado about nothing: the (lack of) economic impact of data privacy breaches","volume":"33","year":"2019","journal-title":"Journal of Information Systems"},{"key":"key2022092111185459400_ref057","article-title":"The effects of data breaches on the stock price in the period 2016-2018","year":"2019"},{"key":"key2022092111185459400_ref058","unstructured":"SEC (2018), \u201cCommission statement and guidance on public company cybersecurity disclosures\u201d, available at: https:\/\/www.sec.gov\/rules\/interp\/2018\/33-10459.pdf."},{"issue":"1","key":"key2022092111185459400_ref059","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1108\/JICES-02-2018-0010","article-title":"Examination of cybercrime and its effects on corporate stock value","volume":"17","year":"2019","journal-title":"Journal of Information, Communication and Ethics in Society"},{"key":"key2022092111185459400_ref060","article-title":"Facebook faces $1.6bn fine and formal investigation over massive data breach","year":"2018","journal-title":"The Guardian News"},{"key":"key2022092111185459400_ref061","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1016\/j.cose.2015.12.006","article-title":"The impact of information security events to the stock market: a systematic literature review","volume":"58","year":"2016","journal-title":"Computers and Security"},{"issue":"4","key":"key2022092111185459400_ref062","doi-asserted-by":"crossref","first-page":"109","DOI":"10.2753\/MIS0742-1222220405","article-title":"An information systems security risk assessment model under the Dempster-Shafer theory of belief functions","volume":"22","year":"2006","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"key2022092111185459400_ref063","first-page":"8","article-title":"The market value and reputational effects from lost confidential information","volume":"5","year":"2015","journal-title":"International Journal of Financial Management"},{"issue":"5","key":"key2022092111185459400_ref064","doi-asserted-by":"crossref","first-page":"637","DOI":"10.1108\/ICS-05-2018-0060","article-title":"Impact of cyberattacks on stock performance: a comparative study","volume":"26","year":"2018","journal-title":"Information and Computer Security"},{"issue":"1","key":"key2022092111185459400_ref501","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1108\/JEIM-11-2019-0368","article-title":"Information sharing and the bane of information leakage: a multigroup analysis of contract versus noncontract","volume":"34","year":"2020","journal-title":"Journal of Enterprise Information Management"},{"key":"key2022092111185459400_ref065","unstructured":"World Bank (2018), \u201cFinancial sector's cybersecurity: regulations and supervision\u201d, available at: http:\/\/documents.worldbank.org\/curated\/en\/686891519282121021\/pdf\/123655-REVISED-PUBLCFinancial- Sectors-Cybersecurity-Final-LowRes.pdf."},{"key":"key2022092111185459400_ref066","unstructured":"World Economic Forum (2020), \u201cThe global risks report 2020 (online)\u201d, available at: https:\/\/www.weforum.org\/reports\/the-global-risks-report-2020 (accessed 5 April 2021)."},{"issue":"1","key":"key2022092111185459400_ref067","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1057\/jit.2010.4","article-title":"The impact of information security events on the stock value of firms: the effect of contingency factors","volume":"26","year":"2011","journal-title":"Journal of Information Technology"}],"container-title":["Journal of Enterprise Information Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/JEIM-11-2020-0450\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/JEIM-11-2020-0450\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T22:32:21Z","timestamp":1753396341000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/jeim\/article\/35\/2\/650-668\/434647"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,10]]},"references-count":68,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2021,6,10]]},"published-print":{"date-parts":[[2022,3,8]]}},"alternative-id":["10.1108\/JEIM-11-2020-0450"],"URL":"https:\/\/doi.org\/10.1108\/jeim-11-2020-0450","relation":{},"ISSN":["1741-0398"],"issn-type":[{"value":"1741-0398","type":"print"}],"subject":[],"published":{"date-parts":[[2021,6,10]]}}}