Daniel Celeny, Loïc Maréchal, Evgueni Rousselot, Alain Mermoud, Mathias Humbert
{"title":"确定网络安全投资的优先次序:网络攻击成本决定因素事件研究的经验证据","authors":"Daniel Celeny, Loïc Maréchal, Evgueni Rousselot, Alain Mermoud, Mathias Humbert","doi":"arxiv-2402.04773","DOIUrl":null,"url":null,"abstract":"Along with the increasing frequency and severity of cyber incidents,\nunderstanding their economic implications is paramount. In this context, listed\nfirms' reactions to cyber incidents are compelling to study since they (i) are\na good proxy to estimate the costs borne by other organizations, (ii) have a\ncritical position in the economy, and (iii) have their financial information\npublicly available. We extract listed firms' cyber incident dates and\ncharacteristics from newswire headlines. We use an event study over 2012--2022,\nusing a three-day window around events and standard benchmarks. We find that\nthe magnitude of abnormal returns around cyber incidents is on par with\nprevious studies using newswire or alternative data to identify cyber\nincidents. Conversely, as we adjust the standard errors accounting for\nevent-induced variance and residual cross-correlation, we find that the\npreviously claimed significance of abnormal returns vanishes. Given these\nresults, we run a horse race of specifications, in which we test for the\nmarginal effects of type of cyber incidents, target firm sector, periods, and\ntheir interactions. Data breaches are the most detrimental incident type with\nan average loss of -1.3\\% or (USD -1.9 billion) over the last decade. The\nhealth sector is the most sensitive to cyber incidents, with an average loss of\n-5.21\\% (or USD -1.2 billion), and even more so when these are data breaches.\nInstead, we cannot show any time-varying effect of cyber incidents or a\nspecific effect of the type of news as had previously been advocated.","PeriodicalId":501372,"journal":{"name":"arXiv - QuantFin - General Finance","volume":"16 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Prioritizing Investments in Cybersecurity: Empirical Evidence from an Event Study on the Determinants of Cyberattack Costs\",\"authors\":\"Daniel Celeny, Loïc Maréchal, Evgueni Rousselot, Alain Mermoud, Mathias Humbert\",\"doi\":\"arxiv-2402.04773\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Along with the increasing frequency and severity of cyber incidents,\\nunderstanding their economic implications is paramount. In this context, listed\\nfirms' reactions to cyber incidents are compelling to study since they (i) are\\na good proxy to estimate the costs borne by other organizations, (ii) have a\\ncritical position in the economy, and (iii) have their financial information\\npublicly available. We extract listed firms' cyber incident dates and\\ncharacteristics from newswire headlines. We use an event study over 2012--2022,\\nusing a three-day window around events and standard benchmarks. We find that\\nthe magnitude of abnormal returns around cyber incidents is on par with\\nprevious studies using newswire or alternative data to identify cyber\\nincidents. Conversely, as we adjust the standard errors accounting for\\nevent-induced variance and residual cross-correlation, we find that the\\npreviously claimed significance of abnormal returns vanishes. Given these\\nresults, we run a horse race of specifications, in which we test for the\\nmarginal effects of type of cyber incidents, target firm sector, periods, and\\ntheir interactions. Data breaches are the most detrimental incident type with\\nan average loss of -1.3\\\\% or (USD -1.9 billion) over the last decade. The\\nhealth sector is the most sensitive to cyber incidents, with an average loss of\\n-5.21\\\\% (or USD -1.2 billion), and even more so when these are data breaches.\\nInstead, we cannot show any time-varying effect of cyber incidents or a\\nspecific effect of the type of news as had previously been advocated.\",\"PeriodicalId\":501372,\"journal\":{\"name\":\"arXiv - QuantFin - General Finance\",\"volume\":\"16 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-02-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - QuantFin - General Finance\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2402.04773\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - QuantFin - General Finance","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2402.04773","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Prioritizing Investments in Cybersecurity: Empirical Evidence from an Event Study on the Determinants of Cyberattack Costs
Along with the increasing frequency and severity of cyber incidents,
understanding their economic implications is paramount. In this context, listed
firms' reactions to cyber incidents are compelling to study since they (i) are
a good proxy to estimate the costs borne by other organizations, (ii) have a
critical position in the economy, and (iii) have their financial information
publicly available. We extract listed firms' cyber incident dates and
characteristics from newswire headlines. We use an event study over 2012--2022,
using a three-day window around events and standard benchmarks. We find that
the magnitude of abnormal returns around cyber incidents is on par with
previous studies using newswire or alternative data to identify cyber
incidents. Conversely, as we adjust the standard errors accounting for
event-induced variance and residual cross-correlation, we find that the
previously claimed significance of abnormal returns vanishes. Given these
results, we run a horse race of specifications, in which we test for the
marginal effects of type of cyber incidents, target firm sector, periods, and
their interactions. Data breaches are the most detrimental incident type with
an average loss of -1.3\% or (USD -1.9 billion) over the last decade. The
health sector is the most sensitive to cyber incidents, with an average loss of
-5.21\% (or USD -1.2 billion), and even more so when these are data breaches.
Instead, we cannot show any time-varying effect of cyber incidents or a
specific effect of the type of news as had previously been advocated.