Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches

Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches

In this paper, we examine the consequences of data breaches for a breached company. We find the economic consequences are, on average, very small for breached companies. On average, breaches result in less than −0.3 percent cumulative abnormal returns in the short window around the breach disclosure...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:The Journal of information systems 2019-09, Vol.33 (3), p.227-265
Hauptverfasser: Richardson, Vernon J., Smith, Rodney E., Watson, Marcia Weidenmier
Format: Artikel
Sprache:eng
Schlagworte:
Audits
Breach of contract
Computer privacy
Data collection
Data integrity
Economic impact
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 265
container_issue 3
container_start_page 227
container_title The Journal of information systems
container_volume 33
creator Richardson, Vernon J.
Smith, Rodney E.
Watson, Marcia Weidenmier
description In this paper, we examine the consequences of data breaches for a breached company. We find the economic consequences are, on average, very small for breached companies. On average, breaches result in less than −0.3 percent cumulative abnormal returns in the short window around the breach disclosure. Except for a few catastrophic breaches, the nominal difference in cumulative abnormal returns between breach companies and the matched companies disappears within days after the breach. We also test whether data breaches affect future accounting measures of performance, audit and other fees, and future Sarbanes-Oxley Section 404 reports of material internal control weaknesses, but find no differences between breach and matched companies. Our results address the question why companies are not spending more to reduce breaches. We conclude by providing a few explanations of why there appears to be an effect at the economy-wide level, but no noticeable effect on individual company performance.
doi_str_mv 10.2308/isys-52379
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2331378760</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2331378760</sourcerecordid><originalsourceid>FETCH-LOGICAL-c291t-daed5866cf7ad95180f56afabe308e048351ddb402aa4fb5bd06194414d2ba543</originalsourceid><addsrcrecordid>eNotkMtOwzAQRS0EEqGw4QsssQGkgB3bicOulAKVSmFR1tbED5JC62InSPl7UspqRqOjuboHoXNKbjJG5G0T-5iKjBXlAUqoEDItSlEeooRIudulOEYnMa4IIcVAJWjx0ukaj43HUPmuxQvf1s3m4w4va4sv56A_sXdXeKr9xq8bjWfrLeh2uOEHaAG_heYHdI_vgwVd23iKjhx8RXv2P0fo_XG6nDyn89en2WQ8T3VW0jY1YI2Qea5dAaYUVBIncnBQ2aGEJVwyQY2pOMkAuKtEZUhOS84pN1kFgrMRutj_3Qb_3dnYqpXvwmaIVBljlBWyyMlAXe8pHXyMwTq1Dc0aQq8oUTtfaudL_flivyxMXJQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2331378760</pqid></control><display><type>article</type><title>Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches</title><source>Business Source Complete</source><creator>Richardson, Vernon J. ; Smith, Rodney E. ; Watson, Marcia Weidenmier</creator><creatorcontrib>Richardson, Vernon J. ; Smith, Rodney E. ; Watson, Marcia Weidenmier</creatorcontrib><description>In this paper, we examine the consequences of data breaches for a breached company. We find the economic consequences are, on average, very small for breached companies. On average, breaches result in less than −0.3 percent cumulative abnormal returns in the short window around the breach disclosure. Except for a few catastrophic breaches, the nominal difference in cumulative abnormal returns between breach companies and the matched companies disappears within days after the breach. We also test whether data breaches affect future accounting measures of performance, audit and other fees, and future Sarbanes-Oxley Section 404 reports of material internal control weaknesses, but find no differences between breach and matched companies. Our results address the question why companies are not spending more to reduce breaches. We conclude by providing a few explanations of why there appears to be an effect at the economy-wide level, but no noticeable effect on individual company performance.</description><identifier>ISSN: 0888-7985</identifier><identifier>EISSN: 1558-7959</identifier><identifier>DOI: 10.2308/isys-52379</identifier><language>eng</language><publisher>Sarasota: American Accounting Association</publisher><subject>Audits ; Breach of contract ; Computer privacy ; Data collection ; Data integrity ; Economic impact</subject><ispartof>The Journal of information systems, 2019-09, Vol.33 (3), p.227-265</ispartof><rights>Copyright American Accounting Association Fall 2019</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c291t-daed5866cf7ad95180f56afabe308e048351ddb402aa4fb5bd06194414d2ba543</citedby><cites>FETCH-LOGICAL-c291t-daed5866cf7ad95180f56afabe308e048351ddb402aa4fb5bd06194414d2ba543</cites><orcidid>0000-0002-3397-3744</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Richardson, Vernon J.</creatorcontrib><creatorcontrib>Smith, Rodney E.</creatorcontrib><creatorcontrib>Watson, Marcia Weidenmier</creatorcontrib><title>Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches</title><title>The Journal of information systems</title><description>In this paper, we examine the consequences of data breaches for a breached company. We find the economic consequences are, on average, very small for breached companies. On average, breaches result in less than −0.3 percent cumulative abnormal returns in the short window around the breach disclosure. Except for a few catastrophic breaches, the nominal difference in cumulative abnormal returns between breach companies and the matched companies disappears within days after the breach. We also test whether data breaches affect future accounting measures of performance, audit and other fees, and future Sarbanes-Oxley Section 404 reports of material internal control weaknesses, but find no differences between breach and matched companies. Our results address the question why companies are not spending more to reduce breaches. We conclude by providing a few explanations of why there appears to be an effect at the economy-wide level, but no noticeable effect on individual company performance.</description><subject>Audits</subject><subject>Breach of contract</subject><subject>Computer privacy</subject><subject>Data collection</subject><subject>Data integrity</subject><subject>Economic impact</subject><issn>0888-7985</issn><issn>1558-7959</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><recordid>eNotkMtOwzAQRS0EEqGw4QsssQGkgB3bicOulAKVSmFR1tbED5JC62InSPl7UspqRqOjuboHoXNKbjJG5G0T-5iKjBXlAUqoEDItSlEeooRIudulOEYnMa4IIcVAJWjx0ukaj43HUPmuxQvf1s3m4w4va4sv56A_sXdXeKr9xq8bjWfrLeh2uOEHaAG_heYHdI_vgwVd23iKjhx8RXv2P0fo_XG6nDyn89en2WQ8T3VW0jY1YI2Qea5dAaYUVBIncnBQ2aGEJVwyQY2pOMkAuKtEZUhOS84pN1kFgrMRutj_3Qb_3dnYqpXvwmaIVBljlBWyyMlAXe8pHXyMwTq1Dc0aQq8oUTtfaudL_flivyxMXJQ</recordid><startdate>20190901</startdate><enddate>20190901</enddate><creator>Richardson, Vernon J.</creator><creator>Smith, Rodney E.</creator><creator>Watson, Marcia Weidenmier</creator><general>American Accounting Association</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0002-3397-3744</orcidid></search><sort><creationdate>20190901</creationdate><title>Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches</title><author>Richardson, Vernon J. ; Smith, Rodney E. ; Watson, Marcia Weidenmier</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c291t-daed5866cf7ad95180f56afabe308e048351ddb402aa4fb5bd06194414d2ba543</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Audits</topic><topic>Breach of contract</topic><topic>Computer privacy</topic><topic>Data collection</topic><topic>Data integrity</topic><topic>Economic impact</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Richardson, Vernon J.</creatorcontrib><creatorcontrib>Smith, Rodney E.</creatorcontrib><creatorcontrib>Watson, Marcia Weidenmier</creatorcontrib><collection>CrossRef</collection><jtitle>The Journal of information systems</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Richardson, Vernon J.</au><au>Smith, Rodney E.</au><au>Watson, Marcia Weidenmier</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches</atitle><jtitle>The Journal of information systems</jtitle><date>2019-09-01</date><risdate>2019</risdate><volume>33</volume><issue>3</issue><spage>227</spage><epage>265</epage><pages>227-265</pages><issn>0888-7985</issn><eissn>1558-7959</eissn><abstract>In this paper, we examine the consequences of data breaches for a breached company. We find the economic consequences are, on average, very small for breached companies. On average, breaches result in less than −0.3 percent cumulative abnormal returns in the short window around the breach disclosure. Except for a few catastrophic breaches, the nominal difference in cumulative abnormal returns between breach companies and the matched companies disappears within days after the breach. We also test whether data breaches affect future accounting measures of performance, audit and other fees, and future Sarbanes-Oxley Section 404 reports of material internal control weaknesses, but find no differences between breach and matched companies. Our results address the question why companies are not spending more to reduce breaches. We conclude by providing a few explanations of why there appears to be an effect at the economy-wide level, but no noticeable effect on individual company performance.</abstract><cop>Sarasota</cop><pub>American Accounting Association</pub><doi>10.2308/isys-52379</doi><tpages>39</tpages><orcidid>https://orcid.org/0000-0002-3397-3744</orcidid></addata></record>
fulltext fulltext
identifier ISSN: 0888-7985
ispartof The Journal of information systems, 2019-09, Vol.33 (3), p.227-265
issn 0888-7985
1558-7959
language eng
recordid cdi_proquest_journals_2331378760
source Business Source Complete
subjects Audits
Breach of contract
Computer privacy
Data collection
Data integrity
Economic impact
title Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-01T06%3A05%3A21IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Much%20Ado%20about%20Nothing:%20The%20(Lack%20of)%20Economic%20Impact%20of%20Data%20Privacy%20Breaches&rft.jtitle=The%20Journal%20of%20information%20systems&rft.au=Richardson,%20Vernon%20J.&rft.date=2019-09-01&rft.volume=33&rft.issue=3&rft.spage=227&rft.epage=265&rft.pages=227-265&rft.issn=0888-7985&rft.eissn=1558-7959&rft_id=info:doi/10.2308/isys-52379&rft_dat=%3Cproquest_cross%3E2331378760%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2331378760&rft_id=info:pmid/&rfr_iscdi=true