IDEAS home Printed from https://ideas.repec.org/p/ecl/ohidic/2018-04.html

What Is the Impact of Successful Cyberattacks on Target Firms?

Author

Listed:
  • Kamiya, Shinichi

    (Nanyang Technological University)

  • Kang, Jun-Koo

    (Nanyang Technological University)

  • Kim, Jungmin

    (Hong Kong Polytechnic University)

  • Milidonis, Andreas

    (University of Cyprus)

  • Stulz, Rene M.

    (Ohio State University)

Abstract

We examine which firms are targets of successful cyberattacks and how they are affected. We find that cyberattacks are more likely to occur at larger and more visible firms, more highly valued firms, firms with more intangible assets, and firms with less board attention to risk management. These attacks affect firms adversely when consumer financial information is appropriated, but seem to have little impact otherwise. Attacks where consumer financial information is appropriated are associated with a significant negative stock market reaction, an increase in leverage following greater debt issuance, a deterioration in credit ratings, and an increase in cash flow volatility. These attacks also affect sales growth adversely for large firms and firms in retail industries, and there is evidence that they decrease investment in the short run. Affected firms respond to such attacks by cutting the CEO's bonus as a fraction of total compensation, by reducing the risk-taking incentives of management, and by taking actions to strengthen their risk management. The evidence is consistent with cyberattacks increasing boards' assessment of target firm risk exposures and decreasing their risk appetite.

Suggested Citation

  • Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, Rene M., 2018. "What Is the Impact of Successful Cyberattacks on Target Firms?," Working Paper Series 2018-04, Ohio State University, Charles A. Dice Center for Research in Financial Economics.
    • Handle: RePEc:ecl:ohidic:2018-04
    as

    Download full text from publisher

    File URL: https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID3135514_code1542588.pdf?abstractid=3135514&mirid=1
    Download Restriction: no
    ---><---

    Other versions of this item:

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    2. Joseph Goh & Mr. Heedon Kang & Zhi Xing Koh & Jin Way Lim & Cheng Wei Ng & Galen Sher & Chris Yao, 2020. "Cyber Risk Surveillance: A Case Study of Singapore," IMF Working Papers 2020/028, International Monetary Fund.
    3. Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    4. Akyildirim, Erdinc & Conlon, Thomas & Corbet, Shaen & Hou, Yang (Greg), 2024. "HACKED: Understanding the stock market response to cyberattacks," Journal of International Financial Markets, Institutions and Money, Elsevier, vol. 97(C).
    5. Guglielmo Maria Caporale & Woo-Young Kang & Fabio Spagnolo & Nicola Spagnolo, 2020. "Cyber-Attacks, Cryptocurrencies, and Cyber Security," CESifo Working Paper Series 8124, CESifo.
    6. Elliott, M. & Jackson, M. O., 2024. "Supply Chain Disruptions, the Structure of Production Networks, and the Impact of Globalization," Cambridge Working Papers in Economics 2424, Faculty of Economics, University of Cambridge.
    7. Franklin Allen & Xian Gu & Julapa Jagtiani, 2021. "A Survey of Fintech Research and Policy Discussion," Review of Corporate Finance, now publishers, vol. 1(3-4), pages 259-339, July.
    8. Mendiela, Pauline, 2021. "Information security breaches and financial market reaction: the French case," MPRA Paper 105029, University Library of Munich, Germany.
    9. Lorenz Bohn & Dirk Schiereck, 2023. "Regulation of data breach publication: the case of US healthcare and the HITECH act," Journal of Economics and Finance, Springer;Academy of Economics and Finance, vol. 47(2), pages 386-399, June.
    10. Michael McShane & Trung Nguyen, 0. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-36.
    11. Priya Garg, 2020. "Cybersecurity breaches and cash holdings: Spillover effect," Financial Management, Financial Management Association International, vol. 49(2), pages 503-519, June.
    12. Wang, Shaun S., 2019. "Integrated framework for information security investment and cyber insurance," Pacific-Basin Finance Journal, Elsevier, vol. 57(C).
    13. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    14. Chris Florackis & Christodoulos Louca & Roni Michaely & Michael Weber, 2023. "Cybersecurity Risk," The Review of Financial Studies, Society for Financial Studies, vol. 36(1), pages 351-407.
    15. Liu, Xin & Liu, Chenlan & Duan, Mingzhe & Chen, Sicen, 2025. "Cash management amid HFCAA-Induced data breach risks: A comparative analysis of reactive vs. proactive responses in Chinese firms," International Review of Economics & Finance, Elsevier, vol. 99(C).
    16. International Monetary Fund, 2019. "Singapore: Financial Sector Assessment Program; Technical Note-Financial Stability Analysis and Stress Testing," IMF Staff Country Reports 2019/228, International Monetary Fund.
    17. Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
    18. Brho, Mazen & Jazairy, Amer & Glassburner, Aaron V., 2025. "The finance of cybersecurity: Quantitative modeling of investment decisions and net present value," International Journal of Production Economics, Elsevier, vol. 279(C).
    19. Singh, Amanjot, 2023. "Data breaches (hacking) and trade credit," Global Finance Journal, Elsevier, vol. 57(C).
    20. Crosignani, Matteo & Macchiavelli, Marco & Silva, André F., 2023. "Pirates without borders: The propagation of cyberattacks through firms’ supply chains," Journal of Financial Economics, Elsevier, vol. 147(2), pages 432-448.

    More about this item

    JEL classification:

    • G14 - Financial Economics - - General Financial Markets - - - Information and Market Efficiency; Event Studies; Insider Trading
    • G32 - Financial Economics - - Corporate Finance and Governance - - - Financing Policy; Financial Risk and Risk Management; Capital and Ownership Structure; Value of Firms; Goodwill
    • G34 - Financial Economics - - Corporate Finance and Governance - - - Mergers; Acquisitions; Restructuring; Corporate Governance
    • G35 - Financial Economics - - Corporate Finance and Governance - - - Payout Policy

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:ecl:ohidic:2018-04. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: the person in charge (email available below). General contact details of provider: https://edirc.repec.org/data/cdohsus.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.