The Impact of Denial-of-Service Attack Announcements on the Market Value of Firms
The increase in security breaches in the last few years and the need to insure information assets has created an intensified interest in information risk within organizations and for insurance companies. Risk assessment is an important component in the establishment of security policies. However, very little is known of the financial impact and the risk associated with security breaches. This article reports the impact of Denial-of-Service (DOS) attack announcements on the market over a period of 4.5 years. The study was conducted using event study methodology. The results show that in general the market does not penalize companies that experience such an attack. However, there is an indication that the market penalizes “Internet-specific” companies more than other companies. Our results indicate that large companies who are not “Internet-specific” might be overreacting to the media hype and may be investing resources to prevent a problem that has marginal impact on their shareholder value.
Document Type: Research Article
Publication date: 2003-09-01