This research informs an ongoing debate regarding a firm’s incentives to invest in information security. Previous research reported that data breaches have had a decreasing impact on a company’s stock price over time, leading researchers to conclude that market-based incentives are decreasingly effective. Some information security economists also suggested that further regulation is necessary because they found that capital market participants poorly accounted for the spillover effects of a breach—the effects of a breach that are external to the breached company. However, some studies indicate that sector-wide systematic risk could measure spillover effects and that the effects of a data breach on systematic risk may have changed over time. The purpose of this study was to quantitatively describe the relationship between the data breach of a firm and changes to the systematic risk of that firm’s sector. This dissertation used event studies of sector-wide systematic risk within American stock markets to measure the external effects of breaches that occurred in companies within the financial, technology, healthcare and services sectors. The use of a repeated measures analysis of variance between those event studies allowed examination of longitudinal changes to sector-wide systematic risk between 2006 through 2016. This analysis found that the breach of an individual company had a significant impact on the systematic risk for that company’s entire sector (1.08% in 2016) and that these impacts have increased over time (p = 0.015). The results were consistent across all measured sectors, without any significant correlation attributable to the scope of the breach. Together, these findings suggest that market forces are increasingly incentivizing sector-wide investment in information security. Further research should consider the potential for government enforced meta-regulation of sector defined information security standards.
|Commitee:||Meredith, James, Robinson Lind, Mary|
|Department:||Business and Technology|
|School Location:||United States -- Minnesota|
|Source:||DAI-B 79/01(E), Dissertation Abstracts International|
|Subjects:||Information Technology, Economics, Finance|
|Keywords:||Data breach, Event study, Information security economics, Meta regulation, Repeated measures, Systematic risk|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be