The Impact of Virus Attack Announcements on the Market Value of Firms

Anat Hovav, John D’Arcy

2004

Abstract

The increase in security breaches in the last few years and the need to insure information assets has created an intensified interest in information security and risk within organizations. However, very little is known of the financial impact and the risk associated with the various types of security breaches. This article reports the impact of virus attack announcements on the market value of affected companies over a period of 15 years. The study was conducted using event study methodology. The results show that in general the market does not penalize companies that experience such an attack.

References

  1. Baginski, S. P., R. B. Corbett, et al. (1991). "Catastrophic Events and Retroactive Liability Insurance: The Case of the MGM Grand Fire." The Journal of Risk and Insurance 58(2): 247-260.
  2. Berinato, S. (2002). Finally, a Real Return on Security Spending. CIO: The Magazine for Information Executives. 15: 42-52.
  3. Blumenthal, M. (1999). "The Politics and Policies of Enhancing Trustworthiness for Information Systems." Communication Law & Policy 4(4): 513-555.
  4. Campbell, J. Y., A. W. Lo, et al. (1997). Event Study Analysis. Chapter 4 in The Econometrics of Financial Markets. Princeton, NJ, Princeton University Press.
  5. Chen, C. Y. and G. Lindsay (2000). Viruses, Attacks, and Sabotage: It's a Computer Crime Wave. Fortune. 141: 484-487.
  6. Chen, T.M., (2003). “Trends in Viruses and Worms.” The Internet Protocol Journal 6(3): 23-33.
  7. Cohen, F (1984). Computer Viruses: Theory and Experiments. Proceedings of the Second IFIP International Conference on Computer Security, Toronto, Ontario, Canada.
  8. D'Amico, A. (2000). What Does A Computer Security Breach Really Cost?, The Sans Institute. 2000.
  9. Dyckman, T., D. Philbrick, et al. (1984). “A Comparison of Event Study Methodologies Using Daily Stock Returns: A Simulation Approach.” Journal of Accounting Research 22: 1-30.
  10. Etebari, A., J. O. Horrigan, et al. (1987). "To Be or Not To Be - Reaction of Stock Returns to Sudden Deaths of Corporate Chief Executive Officers." Journal of Business Finance & Accounting 14(2): 255-279.
  11. Ettredge, M. and V. J. Richardson (2001). Assessing the Risk in E-Commerce. Twenty-Second International Conference on Information Systems, New Orleans, LA.
  12. Fama, E., L. Fisher, et al. (1969). "The Adjustment of Stock Prices to New Information." International Economic Review 10: 1-21.
  13. Glover, S., S. Liddle, et al. (2001). Electronic Commerce: Security, Risk Management, and Control. Upper Saddle River, NJ, Prentice Hall.
  14. Gordon, L.A. and M.P. Loeb (2002). “The Economics of Information Security Investment.” ACM Transactions on Information and Systems Security 5(4): 438- 457.
  15. Gordon, L.A., M.P. Loeb, et al. (2003) “A Framework for Using Insurance for Cyber-Risk Management.” Communications of the ACM 46(3): 81-85.
  16. Hancock, B. (2002). “Security Crisis Management - The Basics.” Computers & Security 21(5): 397-401.
  17. Hayes, F. (2003). The Story So Far. Computerworld. 37: 26-27.
  18. Hinde, S. (2000). "Love Conquers All?" Computers & Security 19(5): 408-420.
  19. Hoffer, J. A. and D. W. Straub (1989). "The 9 to 5 Underground: Are You Policing Computer Crimes?" Sloan Management Review (Summer 1989): 35-43.
  20. Hovav, A. and J. D'Arcy (2003) “The Impact of Denial-of-Service Announcements on the Market Value of Firms.” Risk Management and Insurance Review, 6(2): 97-121.
  21. Howard, J. D. and T. A. Longstaff (1998). A Common Language For Computer Security Incidents. Pittsburgh, PA, CERT Coordination Center at Carnegie Mellon University: 1-33.
  22. Im, K. S., K. E. Dow, et al. (2001). “A Reexamination of IT Investment and the Market Value of the Firm: An Event Study Methodology.” Information Systems Research 12(1): 103-117.
  23. Kelly, B. J. (1999). "Preserve, Protect, and Defend." Journal of Business Strategy (September/October 1999): 22-26.
  24. Loderer, C. and D. C. Mauer (1992). “Corporate Dividends and Seasoned Equity Issues: An Empirical Investigation.” Journal of Finance 47(1): 201-225.
  25. Lyman, J. (2002). In Search of the World's Costliest Computer Virus, www.newsfactor.com/perl/story/16407.html. 2002.
  26. McAfee, J. and C. Haynes (1989). Computer Viruses, Worms, Data Diddlers, Killer Programs, & Other Threats To Your System. New York, New York, St. Martins Press.
  27. Montana, J. C. (2000). "Viruses and the Law: Why the Law is Ineffective." The Information Management Journal 34(4): 57-60.
  28. Moore, D., G.M. Voelker, et al. (2001). “Inferring Internet Denial-of-Service Activity.” Proceedings of the 10th USENIX Security Symposium, Washington, D.C.
  29. Nachenberg, C. (1997). "Computer Virus - Antivirus Coevolution." Communications of the ACM 40(1): 46-51.
  30. Panko. R.R. (2003). “Slammer: The First Blitz Worm.” Communications of the Association for Information Systems. 11: 207-218.
  31. Power R. (2001). “2001 CSI/FBI Computer Crime and Security Survey.” Computer Security Issues and Trends 7(1): 1-18.
  32. Power, R. (2003). “2003 CSI/FBI Computer Crime and Security Survey.” Computer Security Issues and Trends 9(1): 1-20.
  33. Salierno, D. (2001). Managers Fail to Address E-risk. The Internal Auditor. April 2001: 13.
  34. Salkever, A. (2000). Who Pays When Business Is Hacked?, www.businessweek.com/bwdaily/dnflash/may2000/nf00523d.htm.
  35. Spafford, E. (1999). "Crisis and Aftermath." Communications of the ACM 32(6): 678-687.
  36. Sprecher, R. and M. Pertl (1988). “Intra-Industry Effects of the MGM Grand Fire.” Quarterly Journal of Business and Economics 27: 96-16.
  37. Straub, D.W. and R.J. Welke. (1998) “Coping With Systems Risk: Security Planning Models for Management Decision Making.” MIS Quarterly 22(4): 441-469.
  38. Subramani, M. and E. Walden (2001). “The Impact of E-Commerce Announcements on the Market Value of Firms.” Information Systems Research 12(2): 135-154.
Download


Paper Citation


in Harvard Style

Hovav A. and D’Arcy J. (2004). The Impact of Virus Attack Announcements on the Market Value of Firms . In Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004) ISBN 972-8865-07-4, pages 146-156. DOI: 10.5220/0002668501460156


in Bibtex Style

@conference{wosis04,
author={Anat Hovav and John D’Arcy},
title={The Impact of Virus Attack Announcements on the Market Value of Firms},
booktitle={Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)},
year={2004},
pages={146-156},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002668501460156},
isbn={972-8865-07-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)
TI - The Impact of Virus Attack Announcements on the Market Value of Firms
SN - 972-8865-07-4
AU - Hovav A.
AU - D’Arcy J.
PY - 2004
SP - 146
EP - 156
DO - 10.5220/0002668501460156