How Bad is it? – A Branching Activity Model to Estimate the Impact of Information Security Breaches

2013 ◽  
Author(s):  
Russell Cameron Thomas ◽  
Marcin Antkiewicz ◽  
Patrick Florer ◽  
Suzanne Widup ◽  
Matthew Woodyard
Keyword(s):  
Information Security ◽  
Activity Model ◽  
Security Breaches ◽  
The Impact

scholarly journals Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security

Symmetry ◽  
2020 ◽  
Vol 12 (4) ◽  
pp. 664 ◽  
Author(s):  
Rajeev Kumar ◽  
Abhishek Kumar Pandey ◽  
Abdullah Baz ◽  
Hosam Alhakami ◽  
Wajdi Alhakami ◽  
...  
Keyword(s):  
Decision Making ◽  
Information Security ◽  
Information Management ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Multi Criteria Decision Making ◽  
Local Hospital ◽  
Healthcare Information ◽  
Security Breaches ◽  
The Impact

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.

Investigating the Impact of Publicly Announced Information Security Breaches on Three Performance Indicators of the Breached Firms

2010 ◽  
pp. 2141-2162
Author(s):  
Myung Ko ◽  
Kweku-Muata Osei-Bryson ◽  
Carlos Dorantes
Keyword(s):  
Information Security ◽  
Stock Market ◽  
Financial Performance ◽  
Organizational Performance ◽  
Market Value ◽  
Sampling Methodology ◽  
Security Breaches ◽  
Stock Market Investors ◽  
One Year ◽  
The Impact

This article examines the impact of information security breaches on organizational performance. Until now, there have been only a few empirical academic studies that have investigated this issue and they have investigated information security breaches with the focus on the short-term impact on the market value of the firm. This study offers an alternate approach to investigate this issue as it explores the impact of breaches on financial performance of the firm, one year after the breach. Using a “matched sampling” methodology, we explored the impact of each type of breach (i.e., confidentiality, integrity, and availability) and also by IT intensity and size. Our results suggest that the direction of the impact (i.e., positive, negative) is dependent on the type of security breaches and also the impact of IT intensive firms is different from non-IT intensive firms. Our study also includes some important implications for managers and stock market investors.

The Impact of Information Security Events on the Stock Value of Firms: The Effect of Contingency Factors

2011 ◽  
Vol 26 (1) ◽  
pp. 60-77 ◽  
Author(s):  
Ali Alper Yayla ◽  
Qing Hu
Keyword(s):  
Information Security ◽  
Stock Market ◽  
Negative Impact ◽  
Denial Of Service ◽  
Future Research ◽  
Event Analysis ◽  
Market Reactions ◽  
Security Breaches ◽  
Stock Market Reactions ◽  
The Impact

The stock market reactions to information technology (IT)-related events have often been used as proxies to the value or cost of these events in the information systems literature. In this paper, we study the stock market reactions to information-security-related events using the event analysis methodology with consideration of the effects of a number of contingency factors, including business type, industry, type of breach, event year, and length of event window. We found that pure e-commerce firms experienced higher negative market reactions than traditional bricks-and-mortar firms in the event of security breach. We also found that denial of service attacks had higher negative impact than other types of security breaches. Finally, security events occurred in recent years were found to have less significant impact than those occurred earlier, suggesting that investors may have become less sensitive to the security events. Most interestingly, our analyses showed that the magnitude and longevity of security breaches vary with time across sub-samples. This raises some serious questions regarding the validity of analyzing only short-term stock market reactions as an indicator of the cost of security breaches, and in general, an indicator of the value of IT-related events. The implications of these results are discussed and potential future research directions are proposed.

The impact of information security breaches: Has there been a downward shift in costs?

2011 ◽  
Vol 19 (1) ◽  
pp. 33-56 ◽  
Author(s):  
Lawrence A. Gordon ◽  
Martin P. Loeb ◽  
Lei Zhou
Keyword(s):  
Information Security ◽  
Security Breaches ◽  
Downward Shift ◽  
The Impact

The Impact of Information Security Breach Incidents on CIO Turnover

2019 ◽  
Vol 33 (3) ◽  
pp. 309-329 ◽  
Author(s):  
Rajiv D. Banker ◽  
Cecilia (Qian) Feng
Keyword(s):  
Information Security ◽  
Human Error ◽  
Chief Information Officer ◽  
Performance Expectations ◽  
Security Breaches ◽  
It Performance ◽  
Turn Over ◽  
Market Consequences ◽  
The Impact ◽  
The Relationship

ABSTRACT We investigate the relationship between security breaches and chief information officer (CIO) turnover. Because CIOs are directly responsible for IT performance, we argue that their turnover likelihood is higher when they fail to meet IT performance expectations, as reflected by information security breaches. Specifically, we find that breaches caused by system deficiency increase CIO turnover likelihood by 72 percent. However, we find no such association for breaches caused by criminal fraud or human error. We extend our analyses to other executives and document that CEOs are more likely to turn over following breaches caused by both system deficiency and human error, consistent with their broader role within the firm. By contrast, we find no evidence suggesting that CFOs are more likely to turn over following breaches. The findings indicate negative labor market consequences for executives who fail to meet performance expectations within the scope of their duties.

scholarly journals The impact of repeated data breach events on organisations’ market value

2016 ◽  
Vol 24 (1) ◽  
pp. 73-92 ◽  
Author(s):  
Daniel Schatz ◽  
Rabih Bashroush
Keyword(s):  
Information Security ◽  
Economic Impact ◽  
Investment Decisions ◽  
Market Value ◽  
Current Data ◽  
Published Data ◽  
Content Type ◽  
Security Breaches ◽  
Short Period ◽  
The Impact

Purpose – This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events. Design/methodology/approach – An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time. Findings – Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches. Research limitations/implications – One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information. Practical implications – One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives. Originality/value – This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.

Business Process and Information Security: A Cross-Listing Perspective

2016 ◽  
Vol 01 (02) ◽  
pp. 1650009 ◽  
Author(s):  
Yong Chen ◽  
Feng Dong ◽  
Hong Chen
Keyword(s):  
Information Security ◽  
Stock Prices ◽  
Business Processes ◽  
Vital Role ◽  
Sensitive Data ◽  
Security Breaches ◽  
Market Values ◽  
Cross Listing ◽  
Industry Integration ◽  
The Impact

Sensitive data are often handled in business processes. As an important component of industry systems, information system (IS) plays a vital role in business processes. However, data and information may leak in business processes. The damages caused by information security breaches (ISBs) on firms are increasing in recent years. Previous studies have consistently found that the announcements of ISBs are negatively associated with the market values of the announcing firms during the days surrounding the breach announcements. Globalization drives firms in diverse industries to cross-list their stocks. With the benefits of cross-listing, firms are able to perform entrepreneurship and industry integration is improved as well. Because cross-listing improves information environments and provides better investor protection, this paper argues that cross-listing help firms to reduce the negative impacts caused by their announcements of ISBs. From the perspective of ISs engineering, this paper conducts an event study of 120 publicly traded firms and finds that cross-listing does not mitigate the impact of ISB announcements on a firm’s stock prices.

Sign in / Sign up

Export Citation Format

Share Document