Stock market reactions to favorable and unfavorable information security events: A systematic literature review

•Increasing uses of digital technologies usher in new generations of cyberattacks that require old security viewpoints to be reconsidered.•Conducted a systematic literature review of favorable and unfavorable information security events on stock market reactions.•The efficient market hypothesis applies to these events, and stock markets are more sensitive to unfavorable events and market efficiency is stronger for favorable events.•We find that the magnitude of stock market reactions to ISec event announcements are contingent on time frame, industry type, breach type, and firm size.•The trend toward an ever-evolving digital technologies landscape indicates a strong need for ISec to intersect with digital transformation research. The rapid digital transformations across every industry sector, accelerated partly due to the COVID-19 pandemic, have increased organizations’ use of information systems for operational and strategic purposes. These organizational responses have led to a confluence of digital, biological, and physical technologies that are revolutionizing business practices and workflows. But accompanying the pervasive use of digital technologies and the evolutionary nature of digital assets, is a shifting world of cyberattacks and information security (ISec) cybercrimes. Dynamic cybercrimes make it increasingly difficult for managers and researchers to anticipate the types, magnitude, and severity of future information security (ISec) breaches. Thus, we perform a systematic literature review (SLR) that explores, gathers, and categorizes event studies to examine the influence of favorable and unfavorable ISec events on stock markets. We extend the research conducted by Spanos and Angelis (2016) and provide a comprehensive understanding of the market’s efficiency to process public information released about ISec events, ISec contingency factors, and the influence of ISec events on stock prices and factors other than price. Our systematic search reveals 58 relevant papers that include 80 studies. We find that in 75% of the studies ISec events can significantly affect a company’s stock market performance, and that such effects are primarily exhibited within two days before and after the event day. Further, the magnitude of abnormal returns is higher in studies examining unfavorable ISec events, such as ISec breaches, compared to abnormal returns from favorable events, such as ISec investments and ISec certifications. In the end, our SLR serves as a fo