HACKED: Understanding the Stock Market Response to Cyberattacks

Abstract

Increasing levels of digitisation makes firms more susceptible to cyberattacks and privacy violations. In this paper, we quantify the impact of cybercrime on company stock returns, using a large international sample. In the day after the cyber event, stock returns are found to decrease by -0.25% but the effect reverses in about two weeks. The magnitude of the stock market decrease is greatest for companies which have experienced reoccurring events and for breaches deemed to be severe. Finally, we show that the extent of the stock market decline is related to company specific characteristics, including size, volatility, credit ranking and asset volatility. The empirical results highlight important policy and regulatory issues, not least the need for cyber risk disclosure requirements.