[Dataloss] Data leaks hit share prices hard

Adam Shostack adam at homeport.org
Mon Oct 9 11:36:26 EDT 2006 

Fascinating.  It contradicts "Is There a Cost to Privacy Breaches? An 
Event Study," which Alan Friedman presented at the Workshop on 
Economics of Infosec. 
 
http://weis2006.econinfosec.org/docs/40.pdf 
 
That study has a much larger dataset, and so I'm curious why EMA chose

such small datasets. 
 
My thoughts on the paper are at 
http://www.emergentchaos.com/archives/2006/07/does_lost_data_matter.html

 
 
Adam 


On Mon, Oct 09, 2006 at 11:26:11AM -0400, Dissent wrote:
| Australian-based analyst Hydrasight has teamed up with Colorado-based 
| researcher Enterprise Management Associates Inc. (EMA) to release a 
| study on the current state of global enterprise information security.
| 
| The report draws a comparison between the theft or breach of 
| confidential information and computer-facilitated financial fraud and 
| the impact it has on organizations in terms of share price. While the 
| organizations studied were based in the U.S., the findings reflect a 
| similar security environment in Australia.
| 
| Scott Crawford, senior analyst with EMA, said within four weeks of 
| public disclosure of details of an information breach, negative 
| responses show up in the form of falling share prices. The impact can 
| be disturbing, he added.
| 
| "EMA recently followed the closing stock prices of six US companies 
| which had disclosed an information security breach between February 
| 2005 and June 2006.
| 
| "Within a month of disclosure, the average price of these stocks fell 
| by 5 percent, and remained in a range of 2.4 to 8.5 percent below 
| that of the date of disclosure for another eight months," he said.
| 
| "The stocks did not recover to pre-incident levels for nearly a year."
| 
| [...]
| 
| http://www.webwereld.nl/articles/43234/data-leaks-hit-share-prices-hard.html
| 
| _______________________________________________
| Dataloss Mailing List (dataloss at attrition.org)
| http://attrition.org/dataloss
| Tracking more than 136 million compromised records in 403 incidents over 6 years.
|

More information about the Dataloss mailing list