The Journal of Society for e-Business Studies (한국전자거래학회지)

Society for e-Business Studies (한국전자거래학회)
권호 표지
DOI QR코드

DOI QR Code

Empirical Investigation on Information Breach Effect on the Market Value of the Firm: Focused on Source and Long Term Performance

정보유출이 기업가치에 미치는 효과분석: 원천 및 장기성과

  • Received : 2016.04.22
  • Accepted : 2016.05.24
  • Published : 2016.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

This paper analyzes the impact of information breach on shareholder value by measuring the stock price reaction associated with the announcements of data breach. The breach firms in the sample lost, on average, 1.3% of their market value, amounting to 98.9 million won of loss within two-day of the event period after the announcement. We examine the abnormal returns in various categories (i.e., source, type, size, etc.) of information breach. Although the market does not react significantly to the announcements of outside breach, we find statistically significant market reactions to inside breach. We estimate abnormal returns over the following 60 days. The mean 60-day cumulative abnormal return and BHAR (buy-and-hold abnormal returns) are both significantly far from zero. We conclude that there is a coherent market reaction following the announcement. The difference between the market reactions to IT firms and Non-IT firms is statistically significant. But breach amount, firm size, and the year the breach occurred do not show to be significant variables.

본 연구는 정보유출에 따른 주가반응을 측정함으로 정보유출이 기업가치에 주는 효과를 분석한다. 정보유출기업은 사건발생 2일 이내에 평균 1.3%의 시장가치를 상실하여 98.9백만원의 손실액이 추산된다. 우리는 원천, 유형, 크기 등 다양한 정보유출 유형에 대한 비정상수익율을 분석하였다. 시장은 외부원천의 정보유출에 유의미한 반응을 하지 않지만, 내부원천의 정보유출에는 통계적으로 유의미한 반응을 보였다. 우리는 60일간의 장기 비정상수익율을 추정하였다. 60일 평균 누적비정상수익율과 매입보유 비정상수익율 모두 유의미한 시장반응을 보인다. 이로써 우리는 정보유출사건 이후 일관된 시장반응이 있다고 결말지을 수 있다. IT기업과 비IT기업의 시장반응 차이는 통계적으로 유의미하다. 그러나 유출규모, 기업크기, 발생시점 등은 유의미한 시장반응을 보이지 않는다.

Keywords

References

  1. Barber, B. M. and Lyon, J. D., "Detecting long-run abnormal stock returns: the empirical power and specification of test-statistics," Journal of Financial Economics, Vol. 43, pp. 341-372, 1997. https://doi.org/10.1016/S0304-405X(96)00890-2
  2. Beaver, W. H., "The Information Content of Annual Earnings Announcements," Journal of Accounting Research, Vol. 6, pp. 67-92, 1968. https://doi.org/10.2307/2490070
  3. Brown, S. J. and Warner, J. B., "Using Daily Stock Returns : The Case of Event Studies," Journal of Financial Economics, Vol. 14, pp. 3-31, 1985. https://doi.org/10.1016/0304-405X(85)90042-X
  4. Cavusoglu, H., Mishra, B., and Raghunathan, S., "The effect of Internet security breach announcements on market value: capital market reactions for breached firms and Internet security developers," International Journal of Electronic Commerce, Vol. 9, No. 1, pp. 69-104, 2004.
  5. Ettredge, M. and Richardson, V. J., "Assessing the risk in e-commerce," IEEE, 2002.
  6. Fama, E. and French, K., "The cross-section of expected stock returns," Journal of Finance, Vol. 47, No.2, pp. 427- 465, 1992. https://doi.org/10.1111/j.1540-6261.1992.tb04398.x
  7. Garba, A. B., Armarego, J., Murray, D., and Kenworthy, W., "Review of the information security and privacy challenges in BYOD environments," Journal of Information privacy and security, pp. 38-54, 2015.
  8. Gordon, L. A. and Loeb, M. P., "Managing cyber-security resources: A cost-benefit analysis," McGraw-Hill New York, Vol. 1, 2006.
  9. Han, C. H., Chai, S. W., Yoo, B. J., Ahn, D. H., and Park, C. H., "A Quantitative Assessment Model of Private Information Breach," The Journal of Society for e-Business Studies, Vol. 16, No. 4, pp. 17-31, 2011. https://doi.org/10.7838/jsebs.2011.16.4.017
  10. Hendricks, K. B. and Singhal, V. R., "Does Implementing an Effective TQM Program Actually Improve Operating Performance?: Empirical Evidence from Firms that Have Won Quality," Management Science, Vol. 43, No. 9, pp. 1258-1274, 1997. https://doi.org/10.1287/mnsc.43.9.1258
  11. Hendricks, K. B. and Singhal, V. R., "The effect of supply chain glitches on shareholder wealth," Journal of Operations Management, Vol. 21, No. 5, pp. 501-522, 2003. https://doi.org/10.1016/j.jom.2003.02.003
  12. Hovav, A. and D'Arcy, J., "The impact of virus attack announcements on the market value of firms," Information System Security, Vol. 13, No. 3, pp. 46-156, 2004. https://doi.org/10.1201/1086/44312.13.2.20040501/81652.7
  13. Hovav, A. and Han, J. Y., "The Impact of Security Breach Announcements on the Stock Value of Companies in South Korea," The Journal of Internet Electronic Commerce Research, Vol. 13, No. 3, pp. 43-67, 2013.
  14. Information Shield Inc., "Privacy Breach Impact calculator,"(http://www.informationshield.com/privacybreachcalc.html).
  15. Jeong, S. H. and Cho, H. S., "A study on frame transition of personal information leakage, 1984-2014: social network analysis approach," Journal of Digital Convergence, 2014.
  16. JNSA, "Information Security Incident Survey Report," 2004.
  17. Kannan, K., Rees, J., and Sridhar, S., "Market Reactions to Information Security Breach Announcements: An Empirical Analysis," International Journal of Electronic Commerce, Vol. 12, No. 1, pp. 69-91, 2007. https://doi.org/10.2753/JEC1086-4415120103
  18. Kim, C. W. and Kim, K. Y., "Measuring Security Price Performance in Event Studies," Korean Journal of Financial Studies, Vol. 20, No. 1, pp. 301-327, 1997.
  19. Kim, J. Y., "Analyzing Effects on Firms' Market Value of Personal Information Security Breach," The Journal of Society for e-Business Studies, Vol. 18, No. 1, pp. 1-12, 2013. https://doi.org/10.7838/jsebs.2013.18.1.001
  20. Kothari, S. P. and Warner, J. B., "Measuring long-horizon security price performance," Journal of Financial Economics, Vol. 43, pp. 301-339, 1997. https://doi.org/10.1016/S0304-405X(96)00899-9
  21. Kwon, H., Lee, E. J., Kim, T. S., and Jun, H. J., "Estimating Compensation for Personal Information Infringement in Korea Using Contingent Valuation Methods," Journal of The Korea Institute of Information Security and Cryptology, Vol. 22, No. 2, pp. 367-377, 2012.
  22. Kwon, Y. O. and Kim, B. D., "The Effect of Information Security Breach and Security Investment Announcement on the Market Value of Korean Firms," Information Systems Review, Vol. 9, No. 1, pp. 105-120, 2007.
  23. Nam, D. W., Park, J. W., Kim, M. K., Jo, H., and Kim, S. H., "A Study about Correlation Between Collective Intelligence On The Internet Stock Message Board And Stock Market," Korea Internet Electronic Commerce Association, Vol. 12, No. 2, pp. 149-164, 2012.
  24. Ponemon Institute, "Cost of Data Breach Study: Global Analysis," 2005-2014.
  25. Yoo, J. H., Jie, S. H., and Lim, J. I., "Estimating Direct Costs of Enterprises by Personal Information Security Breachs," Journal of The Korea Institute of Information Security and Cryptology, Vol. 19, No. 4, pp. 63-75, 2009.