IDEAS home Printed from https://ideas.repec.org/p/cpb/discus/411.html

Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms

Author

Listed:
  • Milena Dinkova
  • Ramy El-Dardiry
  • Bastiaan Overvest

Abstract

This CPB discussion paper investigates the cybersecurity of Dutch small and medium-sized enterprises, the security measures they take and the relationship thereof with financial results. Often, small and medium-sized enterprises are identified as a particularly vulnerable group for cyber incidents. However, there is not much academic research focusing on the cyber security costs for those firms. In this paper, we employ representative survey data on ICT use and administrative tax record data on Dutch firms to understand how cybersecurity investments relate to the probability of cyber incidents and firm profitability. This dataset allows us to control for firm size, industry, and IT organization.

Suggested Citation

  • Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2020. "Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms," CPB Discussion Paper 411, CPB Netherlands Bureau for Economic Policy Analysis.
  • Handle: RePEc:cpb:discus:411
    as

    Download full text from publisher

    File URL: https://www.cpb.nl/system/files/cpbmedia/omnidownload/CPB-Discussion-Paper-411-Cyber-incidents-security-measures-and-financial-returns.pdf
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Bastiaan Overvest & Bas Straathof, 2015. "What drives cybercrime? Empirical evidence from DDoS attacks," CPB Discussion Paper 306.rdf, CPB Netherlands Bureau for Economic Policy Analysis.
    2. Bastiaan Overvest & Bas Straathof, 2015. "What drives cybercrime? Empirical evidence from DDoS attacks," CPB Discussion Paper 306, CPB Netherlands Bureau for Economic Policy Analysis.
    3. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    4. Tyler Moore & Richard Clayton & Ross Anderson, 2009. "The Economics of Online Crime," Journal of Economic Perspectives, American Economic Association, vol. 23(3), pages 3-20, Summer.
    5. Eli Amir & Shai Levi & Tsafrir Livne, 2018. "Do firms underreport information on cyber-attacks? Evidence from capital markets," Review of Accounting Studies, Springer, vol. 23(3), pages 1177-1206, September.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2024. "Should firms invest more in cybersecurity?," Small Business Economics, Springer, vol. 63(1), pages 21-50, June.
    2. Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2020. "Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms," CPB Discussion Paper 411.rdf, CPB Netherlands Bureau for Economic Policy Analysis.
    3. Lin, Weizheng & Wang, Chih-Wei & Li, Ying-Jie & Chen, Jian-Yun, 2025. "From green to digital: Exploring the role of ecological footprints on cybersecurity risk," Energy Economics, Elsevier, vol. 146(C).
    4. repec:ofr:report:17-2 is not listed on IDEAS
    5. Chelsea Liu & Muhammad Ali Babar, 2026. "Corporate cybersecurity risk and data breaches: A systematic review of empirical research," Australian Journal of Management, Australian School of Business, vol. 51(1), pages 62-92, February.
    6. Martins, António Miguel & Moutinho, Nuno, 2025. "Stock-Term market impact of major cyber-attacks: Evidence for the ten most exposed insurance firms to cyber risk," Finance Research Letters, Elsevier, vol. 71(C).
    7. Rezaee, Zabihollah & Zhou, Gaoguang & Bu, Luofan (Luther), 2024. "Corporate social irresponsibility and the occurrence of data breaches: A stakeholder management perspective," International Journal of Accounting Information Systems, Elsevier, vol. 53(C).
    8. Lee, Chien-Chiang & Wang, Chih-Wei & Lin, Weizheng & Chen, En-Jia, 2025. "Cyber risk and corporate share repurchases," International Review of Financial Analysis, Elsevier, vol. 103(C).
    9. Wang, Duo & Hu, Yunge & Li, Yanxi, 2026. "Cybersecurity risk and corporate maturity mismatch," International Review of Financial Analysis, Elsevier, vol. 109(C).
    10. Akyildirim, Erdinc & Conlon, Thomas & Corbet, Shaen & Hou, Yang (Greg), 2024. "HACKED: Understanding the stock market response to cyberattacks," Journal of International Financial Markets, Institutions and Money, Elsevier, vol. 97(C).
    11. Crosignani, Matteo & Macchiavelli, Marco & Silva, André F., 2023. "Pirates without borders: The propagation of cyberattacks through firms’ supply chains," Journal of Financial Economics, Elsevier, vol. 147(2), pages 432-448.
    12. Xu, Jing, 2025. "Cybersecurity governance and corporate innovation: evidence from China," Finance Research Letters, Elsevier, vol. 82(C).
    13. Lisa Yao Liu, 2025. "Financial Statement Audits and Data Breaches," Management Science, INFORMS, vol. 71(8), pages 6340-6366, August.
    14. Jing Chen & Elaine Henry & Xi Jiang, 2023. "Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach," Journal of Business Ethics, Springer, vol. 187(1), pages 199-224, September.
    15. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    16. Chris Florackis & Christodoulos Louca & Roni Michaely & Michael Weber, 2023. "Cybersecurity Risk," The Review of Financial Studies, Society for Financial Studies, vol. 36(1), pages 351-407.
    17. Kwangmin Jung & Chanjin Kim & Jiyeon Yun, 2025. "The effect of corporate risk management on cyber risk mitigation: Evidence from the insurance industry," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 50(2), pages 259-301, April.
    18. Xuanpu Lin & Guoman She, 2025. "Timely Cybersecurity Disclosure and Information Manipulation," Management Science, INFORMS, vol. 71(11), pages 9308-9327, November.
    19. Cao, Hung & Phan, Hieu V. & Silveri, Sabatino, 2024. "Data breach disclosures and stock price crash risk: Evidence from data breach notification laws," International Review of Financial Analysis, Elsevier, vol. 93(C).
    20. Office of Financial Research (ed.), 2017. "2017 Financial Stability Report," Reports, Office of Financial Research, US Department of the Treasury, number 17-02, September.
    21. Shuai Chen & Mengmeng Hao & Fangyu Ding & Dong Jiang & Jiping Dong & Shize Zhang & Qiquan Guo & Chundong Gao, 2023. "Exploring the global geography of cybercrime and its driving forces," Humanities and Social Sciences Communications, Palgrave Macmillan, vol. 10(1), pages 1-10, December.

    More about this item

    JEL classification:

    • D22 - Microeconomics - - Production and Organizations - - - Firm Behavior: Empirical Analysis
    • D83 - Microeconomics - - Information, Knowledge, and Uncertainty - - - Search; Learning; Information and Knowledge; Communication; Belief; Unawareness
    • G14 - Financial Economics - - General Financial Markets - - - Information and Market Efficiency; Event Studies; Insider Trading
    • M15 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Business Administration - - - IT Management

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:cpb:discus:411. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: the person in charge (email available below). General contact details of provider: https://edirc.repec.org/data/cpbgvnl.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.