Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches

Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches

In this paper, we examine the consequences of data breaches for a breached company. We find the economic consequences are, on average, very small for breached companies. On average, breaches result in less than −0.3 percent cumulative abnormal returns in the short window around the breach disclosure...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:The Journal of information systems 2019-09, Vol.33 (3), p.227-265
Hauptverfasser: Richardson, Vernon J., Smith, Rodney E., Watson, Marcia Weidenmier
Format: Artikel
Sprache:eng
Schlagworte:
Audits
Breach of contract
Computer privacy
Data collection
Data integrity
Economic impact
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we examine the consequences of data breaches for a breached company. We find the economic consequences are, on average, very small for breached companies. On average, breaches result in less than −0.3 percent cumulative abnormal returns in the short window around the breach disclosure. Except for a few catastrophic breaches, the nominal difference in cumulative abnormal returns between breach companies and the matched companies disappears within days after the breach. We also test whether data breaches affect future accounting measures of performance, audit and other fees, and future Sarbanes-Oxley Section 404 reports of material internal control weaknesses, but find no differences between breach and matched companies. Our results address the question why companies are not spending more to reduce breaches. We conclude by providing a few explanations of why there appears to be an effect at the economy-wide level, but no noticeable effect on individual company performance.
ISSN:0888-7985
1558-7959
DOI:10.2308/isys-52379