{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T10:25:30Z","timestamp":1766571930019,"version":"3.48.0"},"reference-count":66,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T00:00:00Z","timestamp":1766534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Systems"],"abstract":"<jats:p>As enterprises increasingly depend on software systems, security defects such as vulnerability disclosures, exploitations, and misconfigurations have become economically relevant risk events. However, their short-term impacts on capital markets remain insufficiently understood. This study examines how different types of software security defects affect short-horizon stock market behavior. Using a multi-model event-study framework that integrates the Constant Mean Return Model (CMRM), Autoregressive Integrated Moving Average (ARIMA), and the Capital Asset Pricing Model (CAPM), we estimate abnormal returns and trading-activity responses around security-related events. The results show that vulnerability disclosures are associated with negative abnormal returns and reduced trading activity, while exploitation events lead to larger price declines accompanied by significant increases in trading activity. Misconfiguration incidents exhibit weaker price effects but persistent turnover increases, suggesting that markets interpret them primarily as governance-related issues. Further analyses reveal that market reactions vary with technical severity, exposure scope, industry context, and firm role, and that cyber shocks propagate through both price adjustment and liquidity migration channels. Overall, the findings indicate that software security defects act as short-term information shocks in financial markets, with heterogeneous effects depending on event type. This study contributes to the literature on cybersecurity economics and provides insights for firms, investors, and policymakers in managing software-related risks.<\/jats:p>","DOI":"10.3390\/systems14010014","type":"journal-article","created":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T09:58:34Z","timestamp":1766570314000},"page":"14","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Short-Term Stock Market Reactions to Software Security Defects: An Event Study"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-7150-9312","authenticated-orcid":false,"given":"Xuewei","family":"Wang","sequence":"first","affiliation":[{"name":"School of Business, Macau University of Science and Technology, Macau, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaoxi","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou 510275, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chunsheng","family":"Li","sequence":"additional","affiliation":[{"name":"School of Business, Macau University of Science and Technology, Macau, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,12,24]]},"reference":[{"key":"ref_1","unstructured":"China Internet Network Information Center (CNNIC) (2024, December 11). Statistical Report on Internet Development in China. Available online: https:\/\/www.cnnic.com.cn\/IDR\/ReportDownloads\/202505\/P020250514564119130448.pdf."},{"key":"ref_2","unstructured":"Qi An Xin Threat Intelligence Center (2024, December 12). Annual Cybersecurity Threat Report 2024. Available online: https:\/\/www.qianxin.com\/threat\/reportdetail?report_id=335."},{"key":"ref_3","unstructured":"Fortinet FortiGuard Labs (2024, December 10). Cyber Threat Predictions for 2025. Available online: https:\/\/www.fortinet.com\/content\/dam\/fortinet\/assets\/threat-reports\/report-threat-prediction-2025.pdf."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"431","DOI":"10.3233\/JCS-2003-11308","article-title":"The economic cost of publicly announced information security breaches: Empirical evidence from the stock market","volume":"11","author":"Campbell","year":"2003","journal-title":"J. Comput. Secur."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1016\/j.jbankfin.2014.06.029","article-title":"Information asymmetry around operational risk announcements","volume":"48","author":"Barakat","year":"2014","journal-title":"J. Bank. Financ."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"69","DOI":"10.2753\/JEC1086-4415120103","article-title":"Market Reactions to Information Security Breach Announcements: An Empirical Analysis","volume":"12","author":"Kannan","year":"2007","journal-title":"Int. J. Electron. Commer."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"351","DOI":"10.1093\/rfs\/hhac024","article-title":"Cybersecurity risk","volume":"36","author":"Florackis","year":"2023","journal-title":"Rev. Financ. Stud."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"964","DOI":"10.1108\/JEIM-02-2016-0053","article-title":"IT internal control weaknesses and the market value of firms","volume":"30","author":"Kuhn","year":"2017","journal-title":"J. Enterp. Inf. Manag."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1177\/03128962221096492","article-title":"Corporate governance, market conditions and investors\u2019 reaction to information signals","volume":"48","author":"Almaskati","year":"2023","journal-title":"Aust. J. Manag."},{"key":"ref_10","unstructured":"Cashell, B., Jackson, W.D., Jickling, M., and Webel, B. (2004). The economic impact of cyber-attacks. Congressional Research Service Documents, The Library of Congress. Available online: http:\/\/archive.nyu.edu\/bitstream\/2451\/14999\/2\/Infosec_ISR_Congress.pdf."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"637","DOI":"10.1108\/ICS-05-2018-0060","article-title":"Impact of cyberattacks on stock performance: A comparative study","volume":"26","author":"Atsu","year":"2018","journal-title":"Inf. Comput. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"650","DOI":"10.1108\/JEIM-11-2020-0450","article-title":"The financial impacts of information systems security breaches on publicly traded companies: Reactions of different sectors","volume":"35","author":"Tayaksi","year":"2022","journal-title":"J. Enterp. Inf. Manag."},{"key":"ref_13","unstructured":"Cobos, E.V., Cakir, S., Straub, S., Qiang, C., and Torgusson, C. (2024). A Review of the Economic Costs of Cyber Incidents, World Bank. Available online: https:\/\/documents1.worldbank.org\/curated\/en\/099092324164536687\/pdf\/p17876919ffee4079180e81701969ad0a18.pdf."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"33","DOI":"10.3233\/JCS-2009-0398","article-title":"The Impact of Information Security Breaches: Has There Been a Downward Shift in Costs?","volume":"19","author":"Gordon","year":"2011","journal-title":"J. Comput. Secur."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1606","DOI":"10.1111\/risa.12864","article-title":"Security events and vulnerability data for cybersecurity risk estimation","volume":"37","author":"Allodi","year":"2017","journal-title":"Risk Anal."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Bozorgi, M., Saul, L.K., Savage, S., and Voelker, G.M. (2010, January 24\u201328). Beyond heuristics: Learning to classify vulnerabilities and predict exploits. Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Washington, DC, USA.","DOI":"10.1145\/1835804.1835821"},{"key":"ref_17","first-page":"103","article-title":"Dynamic psychology","volume":"33","author":"Woodworth","year":"1926","journal-title":"Pedagog. Semin. J. Genet. Psychol."},{"key":"ref_18","unstructured":"Mehrabian, A., and Russell, J.A. (1974). An Approach to Environmental Psychology, MIT Press. Available online: https:\/\/psycnet.apa.org\/record\/1974-22049-000."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1016\/0148-2963(88)90039-2","article-title":"The involvement\u2014Commitment model: Theory and implications","volume":"16","author":"Beatty","year":"1988","journal-title":"J. Bus. Res."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"320","DOI":"10.1016\/j.im.2011.08.001","article-title":"The influence of online store beliefs on consumer online impulse buying: A model and empirical application","volume":"48","author":"Verhagen","year":"2011","journal-title":"Inf. Manag."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1057\/jit.2010.4","article-title":"The impact of information security events on the stock value of firms: The effect of contingency factors","volume":"26","author":"Yayla","year":"2011","journal-title":"J. Inf. Technol."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Muktadir-Al-Mukit, D., and Ali, M.H. (2025). The dynamics of stock market responses following the cyber-attacks news: Evidence from event study. Inf. Syst. Front., 1\u201318.","DOI":"10.1007\/s10796-025-10639-6"},{"key":"ref_23","first-page":"163","article-title":"Do nonprofessional investors care about how and when data breaches are disclosed?","volume":"33","author":"Cheng","year":"2019","journal-title":"J. Inf. Syst."},{"key":"ref_24","first-page":"39","article-title":"Signaling Theory: A Review and Assessment","volume":"37","author":"Connelly","year":"2011","journal-title":"J. Manag."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1007\/s10799-018-00297-3","article-title":"The effect of information security certification announcements on the market value of the firm","volume":"20","author":"Deane","year":"2019","journal-title":"Inf. Technol. Manag."},{"key":"ref_26","unstructured":"Tsang, R. (2020). Market Reactions to Risk Factors Disclosure: Evidence from Cybersecurity Incidents. [Ph.D. Thesis, University of South Alabama]. Available online: https:\/\/search.proquest.com\/openview\/b77802907a26bf86e05c630b63ce02a5\/1?pq-origsite=gscholar&cbl=18750&diss=y."},{"key":"ref_27","first-page":"133","article-title":"Do voluntary disclosures mitigate the cybersecurity breach contagion effect?","volume":"34","author":"Kelton","year":"2020","journal-title":"J. Inf. Syst."},{"key":"ref_28","first-page":"175","article-title":"News values, media coverage, and audience attention: An analysis of direct and mediated causal relationships","volume":"86","author":"Lee","year":"2009","journal-title":"J. Mass Commun. Q."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"105533","DOI":"10.1016\/j.frl.2024.105533","article-title":"Cybersecurity governance and digital finance: Evidence from sovereign states","volume":"65","author":"Cheng","year":"2024","journal-title":"Financ. Res. Lett."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1016\/j.cose.2015.12.006","article-title":"The Impact of Information Security Events to the Stock Market: A Systematic Literature Review","volume":"58","author":"Spanos","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_31","first-page":"115","article-title":"Internal Control, Financial Reporting, and Firms\u2019 Operations","volume":"88","author":"Cohen","year":"2013","journal-title":"Account. Rev."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1162\/00335530360535162","article-title":"Corporate Governance and Equity Prices","volume":"118","author":"Gompers","year":"2003","journal-title":"Q. J. Econ."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1086\/294743","article-title":"The Behavior of Stock-Market Prices","volume":"38","author":"Fama","year":"1965","journal-title":"J. Bus."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"205","DOI":"10.1016\/0304-405X(80)90002-1","article-title":"Measuring Security Price Performance","volume":"8","author":"Brown","year":"1980","journal-title":"J. Financ. Econ."},{"key":"ref_35","first-page":"13","article-title":"Event Studies in Economics and Finance","volume":"35","author":"MacKinlay","year":"1997","journal-title":"J. Econ. Lit."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Dogra, V., Singh, A., Verma, S., Alharbi, A., and Alosaimi, W. (2021). Event Study: Advanced Machine Learning and Statistical Technique for Analyzing Sustainability in Banking Stocks. Mathematics, 9.","DOI":"10.3390\/math9243319"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Ilmanen, A. (2011). Expected Returns: An Investor\u2019s Guide to Harvesting Market Rewards, John Wiley & Sons.","DOI":"10.1002\/9781118467190"},{"key":"ref_38","unstructured":"Box, G.E.P., and Jenkins, G.M. (1970). Time Series Analysis: Forecasting and Control, Holden-Day."},{"key":"ref_39","first-page":"425","article-title":"Capital Asset Prices: A Theory of Market Equilibrium under Conditions of Risk","volume":"19","author":"Sharpe","year":"1964","journal-title":"J. Financ."},{"key":"ref_40","unstructured":"Lintner, J. (1975). The valuation of risk assets and the selection of risky investments in stock portfolios and capital budgets. Stochastic Optimization Models in Finance, Elsevier."},{"key":"ref_41","unstructured":"Campbell, J.Y., Lo, A.W., and MacKinlay, A.C. (1992). The Econometrics of Financial Markets, Princeton University Press."},{"key":"ref_42","unstructured":"Wooldridge, J., and Imbens, G. (2024, December 14). Difference-in-Difference Estimation. Available online: https:\/\/www.publichealth.columbia.edu\/research\/population-health-methods\/difference-difference-estimation."},{"key":"ref_43","unstructured":"MITRE (2024, December 13). Overview\/About the CVE Program. Available online: https:\/\/www.cve.org\/about\/overview."},{"key":"ref_44","unstructured":"NIST (2024, December 24). National Vulnerability Database (NVD) Home, Available online: https:\/\/nvd.nist.gov."},{"key":"ref_45","unstructured":"U.S. Securities and Exchange Commission (2024, December 11). EDGAR Full-Text\/Company Search, Available online: https:\/\/www.sec.gov\/search-filings."},{"key":"ref_46","unstructured":"Privacy Rights Clearinghouse (2024, December 12). Data Breach Chronology. Available online: https:\/\/privacyrights.org\/data-breaches."},{"key":"ref_47","unstructured":"MITRE (2024, December 19). CVE Numbering Authorities (CNAs). Available online: https:\/\/www.cve.org\/ProgramOrganization\/cnas."},{"key":"ref_48","unstructured":"NIST (2024, December 20). Vulnerability Metrics\u2014CVSS, Available online: https:\/\/nvd.nist.gov\/vuln-metrics\/cvss."},{"key":"ref_49","unstructured":"NIST (2024, December 21). Official Common Platform Enumeration (CPE) Dictionary, Available online: https:\/\/nvd.nist.gov\/products\/cpe."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Toloudis, D., Spanos, G., and Angelis, L. (2016). Associating the severity of vulnerabilities with their description. Proceedings of the International Conference on Advanced Information Systems Engineering, Ljubljana, Slovenia, 13\u201317 June 2016, Springer.","DOI":"10.1007\/978-3-319-39564-7_22"},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Ye, Y., Li, T., Chen, Y., and Jiang, Q. (2010, January 24\u201328). Automatic malware categorization using cluster ensemble. Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD \u201910), Washington, DC, USA.","DOI":"10.1145\/1835804.1835820"},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Neuhaus, S., Zimmermann, T., Holler, C., and Zeller, A. (2007, January 28\u201331). Predicting Vulnerable Software Components. Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS \u201907), Alexandria, VA, USA.","DOI":"10.1145\/1315245.1315311"},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/0304-405X(85)90042-X","article-title":"Using Daily Stock Returns: The Case of Event Studies","volume":"14","author":"Brown","year":"1985","journal-title":"J. Financ. Econ."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"109","DOI":"10.2307\/2330874","article-title":"The Relation between Price Changes and Trading Volume: A Survey","volume":"22","author":"Karpoff","year":"1987","journal-title":"J. Financ. Quant. Anal."},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"101415","DOI":"10.1016\/j.pacfin.2020.101415","article-title":"Corporate social responsibility, social identity, and innovation performance in China","volume":"63","author":"Ko","year":"2020","journal-title":"Pac.-Basin Financ. J."},{"key":"ref_56","unstructured":"CISA (2025, January 03). Mitigating Log4Shell and Other Log4j-Related Vulnerabilities, Available online: https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa21-356a."},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"2201","DOI":"10.1093\/rfs\/hhn098","article-title":"Market Liquidity and Funding Liquidity","volume":"22","author":"Brunnermeier","year":"2009","journal-title":"Rev. Financ. Stud."},{"key":"ref_58","unstructured":"(2021). By Design: How Default Permissions on Microsoft Power Apps Exposed Millions, UpGuard."},{"key":"ref_59","unstructured":"Cuomo, G.A.M., and Lawsky, S.B.M. (2024, December 06). New York State Department of Financial Services: Report on Cyber Security in the Banking Sector. Technical Report. Available online: https:\/\/www.minterdial.com\/dev\/wp-content\/uploads\/2014\/11\/pr140505_cyber_security.pdf."},{"key":"ref_60","first-page":"121","article-title":"Examining the Costs and Causes of Cyber Incidents","volume":"2","author":"Romanosky","year":"2016","journal-title":"J. Cybersecur."},{"key":"ref_61","unstructured":"U.S. Securities and Exchange Commission (2024, December 10). EDGAR Application Programming Interfaces, Available online: https:\/\/www.sec.gov\/edgar\/sec-api-documentation."},{"key":"ref_62","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1080\/713665670","article-title":"Empirical Properties of Asset Returns: Stylized Facts and Statistical Issues","volume":"1","author":"Cont","year":"2001","journal-title":"Quant. Financ."},{"key":"ref_63","unstructured":"Tsay, R.S. (2013). An Introduction to Analysis of Financial Data with R, Wiley."},{"key":"ref_64","doi-asserted-by":"crossref","first-page":"422","DOI":"10.1287\/msom.2017.0680","article-title":"Environmental incidents and the market value of firms: An empirical investigation in the Chinese context","volume":"20","author":"Lo","year":"2018","journal-title":"Manuf. Serv. Oper. Manag."},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"719","DOI":"10.1016\/j.jfineco.2019.05.019","article-title":"Risk Management, Firm Reputation, and the Impact of Cyberattacks in the U.S","volume":"139","author":"Kamiya","year":"2021","journal-title":"J. Financ. Econ."},{"key":"ref_66","first-page":"37","article-title":"Cyber Risks: Systematic Literature Analysis","volume":"22","author":"Bahmanova","year":"2024","journal-title":"J. Syst. Cybern. Inform."}],"container-title":["Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-8954\/14\/1\/14\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T10:23:02Z","timestamp":1766571782000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-8954\/14\/1\/14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,24]]},"references-count":66,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,1]]}},"alternative-id":["systems14010014"],"URL":"https:\/\/doi.org\/10.3390\/systems14010014","relation":{},"ISSN":["2079-8954"],"issn-type":[{"value":"2079-8954","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,24]]}}}