Ex-intrusion corporate cyber risk: evidence from internet protocol networks

IF 0.4 4区 经济学 Q4 BUSINESS, FINANCE Journal of Operational Risk Pub Date : 2021-09-22 DOI:10.21314/jop.2021.007
Bill Francis, Wenyao Hu, Thomas D. Shohfi
{"title":"Ex-intrusion corporate cyber risk: evidence from internet protocol networks","authors":"Bill Francis, Wenyao Hu, Thomas D. Shohfi","doi":"10.21314/jop.2021.007","DOIUrl":null,"url":null,"abstract":"Previous event studies of corporate cyber-risk have been limited to successful attacks on public firms but are biased samples constructed based on the economic magnitude of equity losses. To address this selection bias, we construct a larger and more representative sample of cyber intrusions only to find diminished negative equity (and insignificant corporate bond) market reactions compared to these prior studies. To identify cyber-risk irrespective of observing successful attacks, we match public firms to Internet protocol (IP) network data from the American Registry for Internet Numbers (ARIN) from 1991 to 2017. We find that both stockholders and creditors incorporate external IP network size into firm value. Further, debt and equity market reactions to cyberattacks are mitigated for firms with registered IP networks and that have larger network deployments. Overall, our study demonstrates an important public data source that can help institutions proxy for and more accurately price firm cybersecurity risk.","PeriodicalId":54030,"journal":{"name":"Journal of Operational Risk","volume":"1 1","pages":""},"PeriodicalIF":0.4000,"publicationDate":"2021-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Operational Risk","FirstCategoryId":"96","ListUrlMain":"https://doi.org/10.21314/jop.2021.007","RegionNum":4,"RegionCategory":"经济学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"BUSINESS, FINANCE","Score":null,"Total":0}
引用次数: 1

Abstract

Previous event studies of corporate cyber-risk have been limited to successful attacks on public firms but are biased samples constructed based on the economic magnitude of equity losses. To address this selection bias, we construct a larger and more representative sample of cyber intrusions only to find diminished negative equity (and insignificant corporate bond) market reactions compared to these prior studies. To identify cyber-risk irrespective of observing successful attacks, we match public firms to Internet protocol (IP) network data from the American Registry for Internet Numbers (ARIN) from 1991 to 2017. We find that both stockholders and creditors incorporate external IP network size into firm value. Further, debt and equity market reactions to cyberattacks are mitigated for firms with registered IP networks and that have larger network deployments. Overall, our study demonstrates an important public data source that can help institutions proxy for and more accurately price firm cybersecurity risk.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
前入侵企业网络风险:来自互联网协议网络的证据
以前对企业网络风险的事件研究仅限于对上市公司的成功攻击,而且是基于股权损失的经济规模构建的有偏见的样本。为了解决这种选择偏差,我们构建了一个更大、更有代表性的网络入侵样本,结果发现与之前的研究相比,负资产(和微不足道的公司债券)市场反应有所减少。为了识别网络风险,无论是否观察到成功的攻击,我们将上市公司与1991年至2017年美国互联网号码注册局(ARIN)的互联网协议(IP)网络数据进行了匹配。我们发现股东和债权人都将外部IP网络规模纳入公司价值。此外,对于拥有注册IP网络和拥有更大网络部署的公司来说,债务和股票市场对网络攻击的反应会有所缓解。总的来说,我们的研究展示了一个重要的公共数据源,可以帮助机构代理和更准确地定价企业网络安全风险。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Operational Risk
Journal of Operational Risk BUSINESS, FINANCE-
CiteScore
1.00
自引率
40.00%
发文量
6
期刊介绍: In December 2017, the Basel Committee published the final version of its standardized measurement approach (SMA) methodology, which will replace the approaches set out in Basel II (ie, the simpler standardized approaches and advanced measurement approach (AMA) that allowed use of internal models) from January 1, 2022. Independently of the Basel III rules, in order to manage and mitigate risks, they still need to be measurable by anyone. The operational risk industry needs to keep that in mind. While the purpose of the now defunct AMA was to find out the level of regulatory capital to protect a firm against operational risks, we still can – and should – use models to estimate operational risk economic capital. Without these, the task of managing and mitigating capital would be incredibly difficult. These internal models are now unshackled from regulatory requirements and can be optimized for managing the daily risks to which financial institutions are exposed. In addition, operational risk models can and should be used for stress tests and Comprehensive Capital Analysis and Review (CCAR). The Journal of Operational Risk also welcomes papers on nonfinancial risks as well as topics including, but not limited to, the following. The modeling and management of operational risk. Recent advances in techniques used to model operational risk, eg, copulas, correlation, aggregate loss distributions, Bayesian methods and extreme value theory. The pricing and hedging of operational risk and/or any risk transfer techniques. Data modeling external loss data, business control factors and scenario analysis. Models used to aggregate different types of data. Causal models that link key risk indicators and macroeconomic factors to operational losses. Regulatory issues, such as Basel II or any other local regulatory issue. Enterprise risk management. Cyber risk. Big data.
期刊最新文献
A risk-based internal audit methodology for Greek local government organizations Integrating text mining and analytic hierarchy process risk assessment with knowledge graphs for operational risk analysis Operational risk and regulatory capital: do public and private banks differ? Cyber risk definition and classification for financial risk management Audit committee characteristics and the audit report lag in Greece
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1