The Effect of Data Breaches on Shareholder Wealth

Document

Cited in

DOI	http://doi.org/10.1111/j.1540-6296.2010.01178.x
Published date	01 March 2010
Date	01 March 2010

Risk Management and Insurance Review, 2010, Vol.13, No. 1, 61-83

DOI: 10.1111/j.1540-6296.2010.01178.x

THE EFFECT OF DATA BREACHES ON SHAREHOLDER

WEALTH

Kevin M. Gatzlaff

Kathleen A. McCullough

ABSTRACT

Many companies face the risk of a data breach exposing stored personal infor-

mation of customers and employees. The frequency of such incidents has been

increasing over time and can result in signiﬁcant costs for the affected ﬁrm.

This article examines the stock market’s assessment of the cost of data breaches

at publicly traded companies in which personal information such as customer

and/or employee data are exposed. Using event study methodology on a sam-

ple of 77 events between the beginning of 2004 and the end of 2006, we ﬁnd

that the overall effect of a data breach on shareholder wealth is negative and

statistically signiﬁcant. Based on a cross-sectional analysis of the cumulative

abnormal returns, we ﬁnd a negative association between market reaction and

ﬁrms that are less forthcoming about the details of the breach. Wealso ﬁnd that

ﬁrms with higher market-to-book ratios experience greater negative abnormal

returns associated with a data breach. Further, we ﬁnd that ﬁrm size and sub-

sidiary status mitigate the negative effect of a data breach on the ﬁrm’s stock

price and that the negative market reaction to a data breach is more signiﬁcant

in the most recent time periods of the sample.

INTRODUCTION

Data breaches represent a signiﬁcant risk for many companies that store personal infor-

mation of customers and/or employees. If this information is accessed by an unautho-

rized party, identity theft or other fraud may result. The affected organization may face

ﬁnes or other penalties, in addition to notiﬁcation and security upgrade costs related to

the breach. Further, companies may incur costs resultingfrom litigation stemming from

the potential liability exposure. For these reasons, an examination of the stock market’s

assessment of the costs of data breaches is warranted.

Kevin M. Gatzlaff is an Assistant Professor of Insurance in the Department of Finance and

Insurance, Miller College of Business, Ball State University,phone: (765) 285-5167; fax: (765) 285-

4314; e-mail: kmgatzlaff@bsu.edu. Kathleen A. McCullough is an Associate Professor and State

Farm Insurance Professor in Risk Management/Insurance, College of Business, Florida State

University, phone: (850)-644-8358; fax: (850)-644-4077; e-mail: kmccullough@cob.fsu.edu. This

article was subject to double-blind peer review.The authors thank two anonymous reviewers for

their comments on this article, along with the PLUS Foundation, James Carson, Cassandra Cole,

and participants at the 2006 Southern Risk and Insurance Association Meeting.

62 RISK MANAGEMENT AND INSURANCE REVIEW

One of the most signiﬁcant events in the history of data breaches occurred at Choice-

Point. In February 2005, ChoicePoint, self-described as the “nation’s leading provider

of identiﬁcation and credential veriﬁcation services” (ChoicePoint, 2006), disclosed that

thieves had created false accounts for the purpose of obtaining personal information

with which to commit identity theft and subsequent fraud. Initially, ChoicePoint esti-

mated that the information of 140,000 people had been compromised, and at the time of

the announcement, more than 700 documented instances of identity theft had already

been directly linked to the data breach (Weber, 2005).

Since that time, the incidence of exposures that could lead to identity theft has noticeably

increased. The Privacy Rights Clearinghouse, a nonproﬁt consumer information and

advocacy organization, estimates more than 440 instances of reported exposures to

potential identity theft have occurred between the February 2005 ChoicePoint incident

and December 2006 due to data breaches at corporations, universities, and government

agencies. The organization further estimates that the number of records exposed in these

breaches exceeds 100 million (Privacy Rights Clearinghouse, 2007).1

To date, only a few event studies have attempted to analyze privacy breaches and other

similar occurrences. Potentially due to the diversity of events examined, these studies

have failed to reach agreement on a variety of pertinent issues. Previous researchers

disagree both on whether thereis a discernible stock market response to security breaches

as well as on which factors, if any,inﬂuence the magnitude and direction of the response.

In this study, we focus solely on customer and/or employee data breaches at publicly

traded ﬁrms. Our study also consists of a larger,more recent sample of events. This article

will contribute to the literature by (1) providing evidence regarding the effect of data

breaches on shareholder wealth and (2) providing insight into factors that inﬂuence the

magnitude and direction of the stock market’s response to news of a breach of customer

and/or employee data.

The remainder of this article is organized as follows. The following section provides

some background information related to data breaches. A review of relevant literature

is then provided, along with a discussion of our research motivation. We develop our

hypotheses and describe our research methodology and data in the next section. Finally,

we discuss our results and provideconcluding thoughts and avenues for future research.

BACKGROUND

Although the ChoicePoint incident was not the ﬁrst instance of its kind, this particular

data breach was unique because it occurred at a ﬁrm speciﬁcally involved in collecting,

maintaining, and combining personal data. In addition, the incident exposed a large

number of records and attracted a great deal of media attention. Until this incident,

data brokers had attracted relatively little federal regulatory attention with regardto the

potential for identity theft. Further, only a few states, most notably California, had leg-

islation in place mandating disclosure of such breaches. After the ChoicePoint incident,

states began to more aggressively pursue legislation in this area. As of May 2008, 42

1Although the Privacy Rights Clearinghouse has tracked data since February 2005, our sample

period begins in January 2004.

To continue reading

Request your trial

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

The Effect of Data Breaches on Shareholder Wealth

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users