The Journal of Information Systems (한국정보시스템학회지:정보시스템연구)

Korea Association of Information Systems (한국정보시스템학회)
권호 표지
DOI QR코드

DOI QR Code

The Effects of Information Transfer of Personal Information Security Breaches

개인정보 유출의 정보전이 효과

  • Received : 2018.02.28
  • Accepted : 2018.03.29
  • Published : 2018.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

Purpose Targeting Korean companies listed on Korean securities markets (i.e., KOSPI and KOSDAQ markets), this study aims to shed lights the effects of personal information security breaches on stock prices of information security companies. Interestingly, this study is, to the best of our knowledge, the first to examine the information transfer effect on personal information security breaches of companies. Design / Methodology /Approach To examine the information transfer effect of personal information security breaches, our study employs the event study commonly used in financial studies. To this end, we investigate a variety of events of personal information security breaches of companies listed on the KOPSI stock market and the KOSDAQ market. We collect the total samples of one hundred and twelve with forty seven of events of personal information security breaches by thirty companies and sixty five of information security companies. Findings The principal findings from the empirical study are as follows. First, for companies of personal information security breaches, our event study presents the significantly negative AAR (averaged abnormal return) value on the event day at the 5 % level and the highly significant negative CAAR(cumulative averaged abnormal return) value on the event day and the day after the event day at the 1 % level. The results suggest that personal information breaches significantly contribute to an decrease in value of the information breached companies. The cross sectional regressions in this study estimate the significantly negative coefficient for the ME/BE variable, the proxy for a growth opportunity at the 5 % level. This suggests a reverse relation between the growth opportunity of companies and their value. As for the various samples of the information security companies categorized by physical security, network and system security, security application software, code authentication, system integration, we find the significantly positive AAR on the day after the event day at the 5% level, only for the network and system security-companies. This addresses that the information transfer effect followed by personal information breaches is uniquely observable for companies categorized into network and system companies. The regressions for the network and system companies estimate the significantly positive coefficient for the NS dummy variable (i.e., the dummy of the network and system security companies) at the standard level. This allows us to identify appropriate times needed to make the information transfer effect realized from personal information breached companies to information security companies.

Keywords

References

  1. 권영옥, 김병도, "정보보안 사고와 사고방지 관련 투자가 기업가치에 미치는 영향," Information Systems Review, 제9권, 제1호, 2007, pp. 105-120.
  2. 김민정, 허남길, 유진호, "개인정보 유출 사고시 정보보호 기업의 주가 변동에 관한 연구," 정보보호학회논문지, 제26권, 제1호, 2016, pp. 275-283. https://doi.org/10.13089/JKIISC.2016.26.1.275
  3. 김정연, "개인정보 유출이 기업의 주가에 미치는 영향," 한국전자거래학회지, 제18권, 제1호, 2013, pp. 1-12. https://doi.org/10.7838/jsebs.2013.18.1.001
  4. 김여라, 이해춘, 유진호, 가상가치접근법(CVM)을 활용한 개인정보보호의 가치산출 방법론 고찰, 한국정보보호진흥원, 2007.
  5. 김태환, 이해니, 유진호, "개인정보 유출사고 이후 기업의 주가변동 패턴에 대한 고찰," 한국경영정보학회 춘계공동학술대회, 2014, pp. 89-92.
  6. 데이코산업연구소, 정보보호산업 실태와 기술개발 동향, 2013.
  7. 양재모, "전자거래상 개인정보보호에 대한 민사적 접근", 상이버커뮤니케이션 학보, 제 27권, 제 2호, 2010, pp. 91-119.
  8. 이해춘, 안경애, "CVM을 이용한 개인정보 유출의 손실가치 분석," 생산성논집, 제22권, 제2호, 2008, pp. 1-24.
  9. 유진호, 지상호, 임종인, "개인정보 유.노출 사고로 인한 기업의 손실비용 추정," 정보보호학회논문지, 제19권 제4호, 2009, pp. 63-75.
  10. 정형찬, "한국주식시장에 적합한 사건연구 방법론의 고안," 재무관리연구, 제14권, 제2호, 1997, pp. 273-312.
  11. 주미진, 김광용, 김진수, "개인정보 유출이 기업의 주가에 미치는 영향 : 한국 및 중국의 기업을 대상으로," 인터넷전자상거래연구, 제16권, 제3호, 2016, pp. 53-65.
  12. 채승완, "개인정보보호의 경제적 효과," 소비자문제연구, 제33호, 2008, pp. 43-64.
  13. 한귀현, "개인정보보호법제의 동향과 개선방안-개인정보보호기본법안을 중심으로" 공법학연구, 제6권, 제2호, pp. 82-107.
  14. 한창희, 채승완, 유병준, 안대환, 박채희, "기업의 개인정보 유출로 인한 경제적 피해규모 산출방법," 한국전자거래학회지, 제16권, 제4호, 2011, pp. 17-31. https://doi.org/10.7838/jsebs.2011.16.4.017
  15. 홍일유, 이재훈, 강성민, "정보보안 사고에 대한 공시가 시장에서 기업의 주식가치에 미치는 영향," Entrue Journal, 제14권, 제2호, 2015, pp. 33-56.
  16. Acquisti, A., A. Friedman, and R. Telang, "Is There Cost Privacy Breaches? An Event Study," Working Paper, 2006, pp. 1563-1580.
  17. Brown, S. and S. Warner, "Measuring Security Price Performance," Journal of Financial Economics, Vol. 8, No. 3, 1980, pp. 205-258. https://doi.org/10.1016/0304-405X(80)90002-1
  18. Brown, S. and S. Warner, "Using Daily Stock Returns: The Case of Event Studies," Journal of Financial Economics, Vol. 14, No. 1, 1985, pp. 3-31. https://doi.org/10.1016/0304-405X(85)90042-X
  19. Cavusoglu, H., B. Mishra, and S. Raghunathan, "The Effect of Internet Security Breach Announcement on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers," International Journal of Electronic Commerce, Vol. 9, No. 1 2004, pp. 69-104.
  20. Chan, S. H., J. W. Kensinger, A. J. Keown, and J. D. Martin, "Do strategic alliances create value?," Journal of Financial Economics, Vol. 46, 1997, pp. 199-221. https://doi.org/10.1016/S0304-405X(97)00029-9
  21. Das, P., K. Sen, and S. Sengupta, "Impact of strategic alliances on firm valuation." The Academy of Management Journal, Vol. 41, 1998, pp. 27-41.
  22. Ettredge, M., and V. J. Richardson, "Assessing the Risk in e-Commerce," Proceedings of the Thirty fifth Hawaii International Conference on Systems Sciences, Los ALamitos, CA: IEEE Computer Society Press, 2002.
  23. Ishiguro, M., H. Tanaka, K. Matsuura, and I. Murase, "The Effect of Information Security Incidents on Corporate Values in the Japanese Stock Market," In Workshop on the Economics of Securing the Information Infrastructure, 2006, pp. 1-15.
  24. Lee, H., S. Kim, and J. Kim, "Open technology innovation activity and firm value: evidence from Korean firms," Applied Economics, Vol. 44, 2012, pp. 3351-3561.
  25. Patel, N., "The Effect of IT Hack Announcements on the Market Value of Publicly Traded Corporations," Working Paper, 2010, pp. 1-24.
  26. Szewczyk, S. H., G. P. Tsetsekos, and. Zantout, "The valuation of corporate R&D expenditures: evidence from investment opportunities and free cash flow," Financial Management, Vol. 25, 1996, pp. 105-110. https://doi.org/10.2307/3665906
  27. Telang, R., and S. Wattal, "An Empirical Analysis of the Impact of Software Vulnerability Announcements on the Firm Stock Price," IEEE Transactions on Software Engineering, Vol. 33, No. 8, 2007. pp. 544-557. https://doi.org/10.1109/TSE.2007.70712