Dissertation/Thesis Abstract

Effects of Data Breaches on Sector-Wide Systematic Risk in Financial, Technology, Healthcare and Services Sectors
by Pelletier, Justin M., Ph.D., Capella University, 2017, 104; 10615009
Abstract (Summary)

This research informs an ongoing debate regarding a firm’s incentives to invest in information security. Previous research reported that data breaches have had a decreasing impact on a company’s stock price over time, leading researchers to conclude that market-based incentives are decreasingly effective. Some information security economists also suggested that further regulation is necessary because they found that capital market participants poorly accounted for the spillover effects of a breach—the effects of a breach that are external to the breached company. However, some studies indicate that sector-wide systematic risk could measure spillover effects and that the effects of a data breach on systematic risk may have changed over time. The purpose of this study was to quantitatively describe the relationship between the data breach of a firm and changes to the systematic risk of that firm’s sector. This dissertation used event studies of sector-wide systematic risk within American stock markets to measure the external effects of breaches that occurred in companies within the financial, technology, healthcare and services sectors. The use of a repeated measures analysis of variance between those event studies allowed examination of longitudinal changes to sector-wide systematic risk between 2006 through 2016. This analysis found that the breach of an individual company had a significant impact on the systematic risk for that company’s entire sector (1.08% in 2016) and that these impacts have increased over time (p = 0.015). The results were consistent across all measured sectors, without any significant correlation attributable to the scope of the breach. Together, these findings suggest that market forces are increasingly incentivizing sector-wide investment in information security. Further research should consider the potential for government enforced meta-regulation of sector defined information security standards.

Indexing (document details)
Advisor: Vucetic, Jelena
Commitee: Meredith, James, Robinson Lind, Mary
School: Capella University
Department: Business and Technology
School Location: United States -- Minnesota
Source: DAI-B 79/01(E), Dissertation Abstracts International
Source Type: DISSERTATION
Subjects: Information Technology, Economics, Finance
Keywords: Data breach, Event study, Information security economics, Meta regulation, Repeated measures, Systematic risk
Publication Number: 10615009
ISBN: 9780355147247