[Dataloss] Data leaks hit share prices hard

Mon Oct 9 12:20:49 EDT 2006

For anyone interested, the most recent copy is online here:
http://www.heinz.cmu.edu/~acquisti/papers/acquisti-friedman-telang-privacy-b
reaches.pdf

We're working on a revised dataset that incorporates much of the
recent events that members of this list have found, as well as
pre-1386 events.  We look forward to sharing this data when it is
fully cleaned.  We'll post a copy of the revised results to this list
as soon as we have it.

We've asked the authors for details on this study, but I'm curious
about the long term implications. If you are trying to show a
significant effect with a conventional event study, it's very hard to
do for such a long time period and such a small sample size.

If anyone is interested in doing similar studies, feel free to contact
me offline. Verifying that you have the first published report and
that there are no conflicting news stories that might bias the results
is fairly time-intensive.

allan

Allan Friedman
PhD Candidate, Public Policy
Kennedy School of Government
Harvard University

On 10/9/06, dataloss-bounces at attrition.org
<dataloss-bounces at attrition.org> wrote:
> We could probably come up with our own study just by finding every publicly
> traded company in the database and look at stock price history for X days
> following announcement of the breech. In fact, this could almost be
> automated if we added the ticker symbol to the database and then created a
> script that took advantage of a site containing access to stock trading data
> via an API...
>
>
> On 10/9/06, Adam Shostack <adam at homeport.org> wrote:
> > Fascinating.  It contradicts "Is There a Cost to Privacy Breaches? An
> > Event Study," which Alan Friedman presented at the Workshop on
> > Economics of Infosec.
> >
> > http://weis2006.econinfosec.org/docs/40.pdf
> >
> > That study has a much larger dataset, and so I'm curious why EMA chose
> >
> > such small datasets.
> >
> > My thoughts on the paper are at
> >
> http://www.emergentchaos.com/archives/2006/07/does_lost_data_matter.html
> >
> >
> >
> > Adam
> >
> >
> > On Mon, Oct 09, 2006 at 11:26:11AM -0400, Dissent wrote:
> > | Australian-based analyst Hydrasight has teamed up with Colorado-based
> > | researcher Enterprise Management Associates Inc. (EMA) to release a
> > | study on the current state of global enterprise information security.
> > |
> > | The report draws a comparison between the theft or breach of
> > | confidential information and computer-facilitated financial fraud and
> > | the impact it has on organizations in terms of share price. While the
> > | organizations studied were based in the U.S., the findings reflect a
> > | similar security environment in Australia.
> > |
> > | Scott Crawford, senior analyst with EMA, said within four weeks of
> > | public disclosure of details of an information breach, negative
> > | responses show up in the form of falling share prices. The impact can
> > | be disturbing, he added.
> > |
> > | "EMA recently followed the closing stock prices of six US companies
> > | which had disclosed an information security breach between February
> > | 2005 and June 2006.
> > |
> > | "Within a month of disclosure, the average price of these stocks fell
> > | by 5 percent, and remained in a range of 2.4 to 8.5 percent below
> > | that of the date of disclosure for another eight months," he said.
> > |
> > | "The stocks did not recover to pre-incident levels for nearly a year."
> > |
> > | [...]
> > |
> > |
> http://www.webwereld.nl/articles/43234/data-leaks-hit-share-prices-hard.html
> > |
> > | _______________________________________________
> > | Dataloss Mailing List (dataloss at attrition.org)
> > | http://attrition.org/dataloss
> > | Tracking more than 136 million compromised records in 403 incidents over
> 6 years.
> > |
> > _______________________________________________
> > Dataloss Mailing List (dataloss at attrition.org)
> > http://attrition.org/dataloss
> > Tracking more than 136 million compromised records in 403 incidents over 6
> years.
> >
> >
> >
> >
>
>
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 136 million compromised records in 403 incidents over 6
> years.
>
>
>
>
>