IDEAS home Printed from https://ideas.repec.org/p/ecl/ohidic/2018-04.html
   My bibliography  Save this paper

What Is the Impact of Successful Cyberattacks on Target Firms?

Author

Listed:
  • Kamiya, Shinichi

    (Nanyang Technological University)

  • Kang, Jun-Koo

    (Nanyang Technological University)

  • Kim, Jungmin

    (Hong Kong Polytechnic University)

  • Milidonis, Andreas

    (University of Cyprus)

  • Stulz, Rene M.

    (Ohio State University)

Abstract

We examine which firms are targets of successful cyberattacks and how they are affected. We find that cyberattacks are more likely to occur at larger and more visible firms, more highly valued firms, firms with more intangible assets, and firms with less board attention to risk management. These attacks affect firms adversely when consumer financial information is appropriated, but seem to have little impact otherwise. Attacks where consumer financial information is appropriated are associated with a significant negative stock market reaction, an increase in leverage following greater debt issuance, a deterioration in credit ratings, and an increase in cash flow volatility. These attacks also affect sales growth adversely for large firms and firms in retail industries, and there is evidence that they decrease investment in the short run. Affected firms respond to such attacks by cutting the CEO's bonus as a fraction of total compensation, by reducing the risk-taking incentives of management, and by taking actions to strengthen their risk management. The evidence is consistent with cyberattacks increasing boards' assessment of target firm risk exposures and decreasing their risk appetite.

Suggested Citation

  • Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, Rene M., 2018. "What Is the Impact of Successful Cyberattacks on Target Firms?," Working Paper Series 2018-04, Ohio State University, Charles A. Dice Center for Research in Financial Economics.
    • Handle: RePEc:ecl:ohidic:2018-04
    as

    Download full text from publisher

    File URL: https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID3135514_code1542588.pdf?abstractid=3135514&mirid=1
    Download Restriction: no
    ---><---

    Other versions of this item:

    References listed on IDEAS

    as
    1. Chan, Lilian H. & Chen, Kevin C.W. & Chen, Tai-Yuan, 2013. "The effects of firm-initiated clawback provisions on bank loan contracting," Journal of Financial Economics, Elsevier, vol. 110(3), pages 659-679.
    2. Nicola Gennaioli & Andrei Shleifer & Robert Vishny, 2015. "Neglected Risks: The Psychology of Financial Crises," American Economic Review, American Economic Association, vol. 105(5), pages 310-314, May.
    3. Anat Hovav & John D'Arcy, 2003. "The Impact of Denial‐of‐Service Attack Announcements on the Market Value of Firms," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 6(2), pages 97-121, September.
    4. Titman, Sheridan & Wessels, Roberto, 1988. " The Determinants of Capital Structure Choice," Journal of Finance, American Finance Association, vol. 43(1), pages 1-19, March.
    5. Bryan, Stephen & Hwang, LeeSeok & Lilien, Steven, 2000. "CEO Stock-Based Compensation: An Empirical Analysis of Incentive-Intensity, Relative Mix, and Economic Determinants," The Journal of Business, University of Chicago Press, vol. 73(4), pages 661-693, October.
    6. Cummins, J. David & Lewis, Christopher M. & Wei, Ran, 2006. "The market value impact of operational loss events for US banks and insurers," Journal of Banking & Finance, Elsevier, vol. 30(10), pages 2605-2634, October.
    7. Fama, Eugene F. & French, Kenneth R., 1993. "Common risk factors in the returns on stocks and bonds," Journal of Financial Economics, Elsevier, vol. 33(1), pages 3-56, February.
    8. Titman, Sheridan, 1984. "The effect of capital structure on a firm's liquidation decision," Journal of Financial Economics, Elsevier, vol. 13(1), pages 137-151, March.
    9. Coles, Jeffrey L. & Daniel, Naveen D. & Naveen, Lalitha, 2006. "Managerial incentives and risk-taking," Journal of Financial Economics, Elsevier, vol. 79(2), pages 431-468, February.
    10. Bakke, Tor-Erik & Mahmudi, Hamed & Fernando, Chitru S. & Salas, Jesus M., 2016. "The causal effect of option pay on corporate risk management," Journal of Financial Economics, Elsevier, vol. 120(3), pages 623-643.
    11. Milidonis, Andreas & Stathopoulos, Konstantinos, 2014. "Managerial Incentives, Risk Aversion, and Debt," Journal of Financial and Quantitative Analysis, Cambridge University Press, vol. 49(2), pages 453-481, April.
    12. Guay, Wayne R., 1999. "The sensitivity of CEO wealth to equity risk: an analysis of the magnitude and determinants," Journal of Financial Economics, Elsevier, vol. 53(1), pages 43-71, July.
    13. Marco Caliendo & Sabine Kopeinig, 2008. "Some Practical Guidance For The Implementation Of Propensity Score Matching," Journal of Economic Surveys, Wiley Blackwell, vol. 22(1), pages 31-72, February.
    14. Sudip Datta & Mai Iskandar‐Datta & Kartik Raman, 2001. "Executive Compensation and Corporate Acquisition Decisions," Journal of Finance, American Finance Association, vol. 56(6), pages 2299-2336, December.
    15. Toni M. Whited & Guojun Wu, 2006. "Financial Constraints Risk," Review of Financial Studies, Society for Financial Studies, vol. 19(2), pages 531-559.
    16. Harley E Ryan & Roy A Wiggins, 2002. "The Interaction between R&D Investment Decisions and Compensation Policy," Financial Management, Financial Management Association, vol. 31(1), Spring.
    17. Rosati, Pierangelo & Cummins, Mark & Deeney, Peter & Gogolin, Fabian & van der Werff, Lisa & Lynn, Theo, 2017. "The effect of data breach announcements beyond the stock price: Empirical evidence on market activity," International Review of Financial Analysis, Elsevier, vol. 49(C), pages 146-154.
    18. Carhart, Mark M, 1997. "On Persistence in Mutual Fund Performance," Journal of Finance, American Finance Association, vol. 52(1), pages 57-82, March.
    19. Gormley, Todd A. & Matsa, David A. & Milbourn, Todd, 2013. "CEO compensation and corporate risk: Evidence from a natural experiment," Journal of Accounting and Economics, Elsevier, vol. 56(2), pages 79-101.
    20. Smith, Clifford W. & Stulz, René M., 1985. "The Determinants of Firms' Hedging Policies," Journal of Financial and Quantitative Analysis, Cambridge University Press, vol. 20(4), pages 391-405, December.
    21. Froot, Kenneth A & Scharfstein, David S & Stein, Jeremy C, 1993. "Risk Management: Coordinating Corporate Investment and Financing Policies," Journal of Finance, American Finance Association, vol. 48(5), pages 1629-1658, December.
    22. Frank, Murray Z. & Goyal, Vidhan K., 2003. "Testing the pecking order theory of capital structure," Journal of Financial Economics, Elsevier, vol. 67(2), pages 217-248, February.
    23. Shumway, Tyler, 2001. "Forecasting Bankruptcy More Accurately: A Simple Hazard Model," The Journal of Business, University of Chicago Press, vol. 74(1), pages 101-124, January.
    24. Chernobai, Anna & Jorion, Philippe & Yu, Fan, 2011. "The Determinants of Operational Risk in U.S. Financial Institutions," Journal of Financial and Quantitative Analysis, Cambridge University Press, vol. 46(6), pages 1683-1725, December.
    25. repec:cup:jfinqa:v:46:y:2011:i:06:p:1683-1725_00 is not listed on IDEAS
    26. Hayes, Rachel M. & Lemmon, Michael & Qiu, Mingming, 2012. "Stock options and managerial incentives for risk taking: Evidence from FAS 123R," Journal of Financial Economics, Elsevier, vol. 105(1), pages 174-190.
    27. Steven N. Kaplan & Luigi Zingales, 1997. "Do Investment-Cash Flow Sensitivities Provide Useful Measures of Financing Constraints?," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 112(1), pages 169-215.
    28. Kevin M. Gatzlaff & Kathleen A. McCullough, 2010. "The Effect of Data Breaches on Shareholder Wealth," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 13(1), pages 61-83, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Chris Florakis & Christodoulos Louca & Roni Michaely & Michael Weber, 2020. "Cybersecurity Risk," Working Papers 2020-178, Becker Friedman Institute for Research In Economics.
    2. Crosignani, Matteo & Macchiavelli, Marco & Silva, André F., 2023. "Pirates without borders: The propagation of cyberattacks through firms’ supply chains," Journal of Financial Economics, Elsevier, vol. 147(2), pages 432-448.
    3. Franklin Allen & Xian Gu & Julapa Jagtiani, 2021. "A Survey of Fintech Research and Policy Discussion," Review of Corporate Finance, now publishers, vol. 1(3-4), pages 259-339, July.
    4. Mendiela, Pauline, 2021. "Information security breaches and financial market reaction: the French case," MPRA Paper 105029, University Library of Munich, Germany.
    5. Lorenz Bohn & Dirk Schiereck, 2023. "Regulation of data breach publication: the case of US healthcare and the HITECH act," Journal of Economics and Finance, Springer;Academy of Economics and Finance, vol. 47(2), pages 386-399, June.
    6. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    7. Michael McShane & Trung Nguyen, 0. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-36.
    8. Joseph Goh & Mr. Heedon Kang & Zhi Xing Koh & Jin Way Lim & Cheng Wei Ng & Galen Sher & Chris Yao, 2020. "Cyber Risk Surveillance: A Case Study of Singapore," IMF Working Papers 2020/028, International Monetary Fund.
    9. International Monetary Fund, 2019. "Singapore: Financial Sector Assessment Program; Technical Note-Financial Stability Analysis and Stress Testing," IMF Staff Country Reports 2019/228, International Monetary Fund.
    10. Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
    11. Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    12. Priya Garg, 2020. "Cybersecurity breaches and cash holdings: Spillover effect," Financial Management, Financial Management Association International, vol. 49(2), pages 503-519, June.
    13. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    14. Wang, Shaun S., 2019. "Integrated framework for information security investment and cyber insurance," Pacific-Basin Finance Journal, Elsevier, vol. 57(C).
    15. Guglielmo Maria Caporale & Woo-Young Kang & Fabio Spagnolo & Nicola Spagnolo, 2020. "Cyber-Attacks, Cryptocurrencies, and Cyber Security," CESifo Working Paper Series 8124, CESifo.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    2. Winston Wei Dou & Yan Ji & David Reibstein & Wei Wu, 2021. "Inalienable Customer Capital, Corporate Liquidity, and Stock Returns," Journal of Finance, American Finance Association, vol. 76(1), pages 211-265, February.
    3. David Aboody & Shai Levi & Dan Weiss, 2018. "Managerial incentives, options, and cost-structure choices," Review of Accounting Studies, Springer, vol. 23(2), pages 422-451, June.
    4. Liu, Claire & Masulis, Ronald W. & Stanfield, Jared, 2021. "Why CEO option compensation can be a bad option for shareholders: Evidence from major customer relationships," Journal of Financial Economics, Elsevier, vol. 142(1), pages 453-481.
    5. Giau Bui, Dien & Chen, Yehning & Lin, Chih-Yung & Lin, Tse-Chun, 2021. "Risk-taking of bank CEOs and corporate innovation," Journal of International Money and Finance, Elsevier, vol. 115(C).
    6. Li, Xia & Gupta, Jairaj & Bu, Ziwen & Kannothra, Chacko George, 2023. "Effect of cash flow risk on corporate failures, and the moderating role of earnings management and abnormal compensation," International Review of Financial Analysis, Elsevier, vol. 89(C).
    7. Hong, Jieying, 2019. "Managerial compensation incentives and corporate debt maturity: Evidence from FAS 123R," Journal of Corporate Finance, Elsevier, vol. 56(C), pages 388-414.
    8. Chen, Jie & Su, Xunhua & Tian, Xuan & Xu, Bin, 2022. "Does customer-base structure influence managerial risk-taking incentives?," Journal of Financial Economics, Elsevier, vol. 143(1), pages 462-483.
    9. Ellul, Andrew & WANG, Cong & Zhang, Kuo, 2016. "Labor Unemployment Risk and CEO Incentive Compensation," CEPR Discussion Papers 11634, C.E.P.R. Discussion Papers.
    10. Shen, Carl Hsin-han & Zhang, Hao, 2013. "CEO risk incentives and firm performance following R&D increases," Journal of Banking & Finance, Elsevier, vol. 37(4), pages 1176-1194.
    11. repec:zbw:bofrdp:2017_016 is not listed on IDEAS
    12. Huang, Pinghsun & Huang, Hsin-Yi & Zhang, Yan, 2019. "Do firms hedge with foreign currency derivatives for employees?," Journal of Financial Economics, Elsevier, vol. 133(2), pages 418-440.
    13. Castro, Paula & Keasey, Kevin & Amor-Tapia, Borja & Tascon, Maria T. & Vallascas, Francesco, 2020. "Does debt concentration depend on the risk-taking incentives in CEO compensation?," Journal of Corporate Finance, Elsevier, vol. 64(C).
    14. Francis, Bill B. & Hasan, Iftekhar & Hunter, Delroy M. & Zhu, Yun, 2017. "Do managerial risk-taking incentives influence firms' exchange rate exposure?," Journal of Corporate Finance, Elsevier, vol. 46(C), pages 154-169.
    15. Cai, Jie & Zhang, Zhe, 2011. "Leverage change, debt overhang, and stock prices," Journal of Corporate Finance, Elsevier, vol. 17(3), pages 391-402, June.
    16. Sinha, Pankaj & Agnihotri, Shalini, 2015. "Macroeconomic risk and firms financing decision: An empirical panel data investigation using system GMM," MPRA Paper 67088, University Library of Munich, Germany, revised 30 Sep 2015.
    17. Chen, Sheng-Syan & Wang, Yanzhi, 2012. "Financial constraints and share repurchases," Journal of Financial Economics, Elsevier, vol. 105(2), pages 311-331.
    18. Jie Chen & Woon Sau Leung & Wei Song & Davide Avino, 2018. "Does CDS trading affect risk-taking incentives in managerial compensation?," Working Papers 2018-19, Swansea University, School of Management.
    19. Çolak, Gönül & Korkeamäki, Timo, 2021. "CEO mobility and corporate policy risk," Journal of Corporate Finance, Elsevier, vol. 69(C).
    20. Florackis, Chris & Kanas, Angelos & Kostakis, Alexandros & Sainani, Sushil, 2020. "Idiosyncratic risk, risk-taking incentives and the relation between managerial ownership and firm value," European Journal of Operational Research, Elsevier, vol. 283(2), pages 748-766.
    21. Croci, Ettore & Petmezas, Dimitris, 2015. "Do risk-taking incentives induce CEOs to invest? Evidence from acquisitions," Journal of Corporate Finance, Elsevier, vol. 32(C), pages 1-23.

    More about this item

    JEL classification:

    • G14 - Financial Economics - - General Financial Markets - - - Information and Market Efficiency; Event Studies; Insider Trading
    • G32 - Financial Economics - - Corporate Finance and Governance - - - Financing Policy; Financial Risk and Risk Management; Capital and Ownership Structure; Value of Firms; Goodwill
    • G34 - Financial Economics - - Corporate Finance and Governance - - - Mergers; Acquisitions; Restructuring; Corporate Governance
    • G35 - Financial Economics - - Corporate Finance and Governance - - - Payout Policy

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:ecl:ohidic:2018-04. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: the person in charge (email available below). General contact details of provider: https://edirc.repec.org/data/cdohsus.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.