The Impact of Denial‐of‐Service Attack Announcements on the Market Value of Firms

Hovav, Anat; D’Arcy, John

doi:10.1046/j.1098-1616.2003.026.x

Cited by 189 publications

(117 citation statements)

References 39 publications

Supporting

Mentioning

105

Contrasting

Unclassified

Order By: Relevance

“…Campbell et al [11] conduct a similar event study and find that only the impact of confidentiality-related security breaches is negative and significant; the impact of non-confidentialityrelated security breaches is not significantly different from zero. Hovav and D'Arcy [30] show similar results by finding that Denial of Service (DoS) type attacks are not associated with any significant loss in value for firms. 7 Generally, vulnerability announcements and disclosure have been contentious.…”

Section: Literature Reviewsupporting

confidence: 65%

An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price

Telang

Wattal

2007

IIEEE Trans. Software Eng.

189

View full text Add to dashboard Cite

Abstract-Security defects in software cost millions of dollars to firms in terms of downtime, disruptions, and confidentiality breaches. However, the economic implications of these defects for software vendors are not well understood. Lack of legal liability and the presence of switching costs and network externalities may protect software vendors from incurring significant costs in the event of a vulnerability announcement, unlike such industries as auto and pharmaceuticals, which have been known to suffer significant loss in market value in the event of a defect announcement. Although research in software economics has studied firms' incentives to improve overall quality, there have not been any studies which show that software vendors have an incentive to invest in building more secure software. The objectives of this paper are twofold. 1) We examine how a software vendor's market value changes when a vulnerability is announced. 2) We examine how firm and vulnerability characteristics mediate the change in the market value of a vendor. We collect data from leading national newspapers and industry sources, such as the Computer Emergency Response Team (CERT), by searching for reports on published software vulnerabilities. We show that vulnerability announcements lead to a negative and significant change in a software vendor's market value. In our sample, on average, a vendor loses around 0.6 percent value in stock price when a vulnerability is reported. We find that a software vendor loses more market share if the market is competitive or if the vendor is small. To provide further insight, we use the information content of the disclosure announcement to classify vulnerabilities into various types. We find that the change in stock price is more negative if the vendor fails to provide a patch at the time of disclosure. Also, more severe flaws have a significantly greater impact. Our analysis provides many interesting implications for software vendors as well as policy makers. In particular, our study provides some evidence of the value of secure software.

show abstract

Section: Literature Reviewsupporting

confidence: 65%

An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price

Telang

Wattal

2007

IIEEE Trans. Software Eng.

189

View full text Add to dashboard Cite

show abstract

“…Dealing with the relevance of environmental issues, White (1996) examined the potential impact of the Exxon Valdes oil spill on stock prices, while Kalra, Henderson & Raines (1993) considered the implications of the Chernobyl nuclear disaster on utility share prices. More recently, Hovav and D'Arcy (2003) successfully applied event methodology to highlight the possible implications of "denial of service" attack announcements on affected firms' stock prices. Likewise, Chen and Siems (2004) assessed the immediate impact which terrorist attacks had on the United States of America's (USA's) capital markets.…”

Section: Event-study Methodologymentioning

confidence: 99%

Assessing the potential impact of the Marikana incident on South African mining companies : an event method study

Hill

Maroun

2015

S. Afr. j. econ. manag. sci. (Online)

View full text Add to dashboard Cite

This study examines the potential impact of industrial unrest and the outbreak of violence at Marikana on 16 August 2012 on the share prices of mining companies listed on the Johannesburg Stock Exchange (JSE) using an event methodology. Contrary to expectations, the Marikana incident does not appear to have had a widespread and prolonged effect on the South African mining sector. This may be the result of the strike action already having been discounted into the price of mining shares, implying that the market was only reacting to the unusually violent (but short-lived) protest. Alternately, the results could be indicative of investor confidence in the corporate social responsibility initiatives of the South African mining industry as a whole.This paper is the first to examine the potential impact of the Marikana incident on the share prices of mining companies listed on the JSE. It should be of interest to both academics and practitioners wanting to understand how share prices react to exogenous events. It is also relevant for corporate-governance researchers concerned with the relevance of social and governance practices in a South African setting. This research is faced with the limitations associated with most statistical research: that causality cannot be ascribed to tested relationships. Notwithstanding these limitations, it is argued that these findings are important, given the significant coverage of the Marikana incident and the ongoing debate on the need for corporate social responsibility.

show abstract

“…As mentioned 1 It is a nationally recognized consumer education and advocacy nonprofit dedicated to protecting the privacy of American consumers. Data were collected from http://www.privacyrights.org/data-breach 2 The information on the database is usually updated 1 or 2 days after the event happened. From our observation, we think the content of the event description usually can reflect the main information that was related to the event.…”

Section: Theoretical Backgrounds and Hypotheses Developmentmentioning

confidence: 99%

“…CAR due to information security breach is larger for BSFI (Business, financial, service, insurance) firms [19]. Internet specific companies suffer more on stock value after security breach incidents [2].…”

Section: Introductionmentioning

confidence: 99%

“…We seek to discover whether this type of firm action will impact the firm's market value during the data breach event period. 2 Using content analysis on the description of the data breach events, we evaluate whether the results will have impacts on the firm's equity value through an empirical study. Our findings on the anticipated market reaction should provide corporate executives with guidance on managing public disclosure of data breach incidents.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Firm Actions Toward Data Breach Incidents and Firm Equity Value: An Empirical Study

Song¹,

Wang²,

Fan³

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

The Impact of Denial‐of‐Service Attack Announcements on the Market Value of Firms

Cited by 189 publications

References 39 publications

An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price

An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price

Assessing the potential impact of the Marikana incident on South African mining companies : an event method study

Firm Actions Toward Data Breach Incidents and Firm Equity Value: An Empirical Study

Contact Info

Product

Resources

About