Reactions of Publicly Traded Equities to Information Security Breaches: Empirical Evidence from the Stock Market

M A. Mahmood, University of Texas at El Paso
Adolfo S. Coronado, University of Texas at El Paso
Jagadish K. Dandu, University of Texas at El Paso
Aurelia Nicholas Donald, University of Texas at El Paso


Managers constantly struggle with information security breaches in today’s digital economy to keep their businesses safe from hackers. We conduct a seminal research study to assess empirically the economic cost of publicly announced security breaches. We use t-test to check the statistical significance of Cumulative Abnormal Returns (CARs), beta shifts, and abnormal volumes of the breached companies. We believe, to the best of knowledge, no other research studies in the information systems area has used these three criteria to accomplish this feat. The vulnerability of Student's t, insofar as efficiency and power are concerned, led us to use Winsorisation which reduces the effect of outliers by laying all outliers to a specified percentile of the data. Our results show that the average risks and the average stock trading volume for a breached company, using the Fama-French three factor model, have significantly increased for those companies that went through a security breach. We used Fama-French three factor model because it relies on a market index, the firm size, and the firm value. This is true regardless of whether we use original or Winsorised data. We also found that CARs for the original and Winsorised data, using the Fama-French three factor model, are negative but not significant at an acceptable p-value. This means, insofar as these CARs are concerned, the stock market did penalize the companies that suffered from information security breaches but not significantly enough. The article concludes by proposing the area of future research.