Shostack + Friends Blog Archive


Do Security Breaches Matter?

Nick Owen posts about the stock valuation impact of security breaches.

This UMD study found that a firm suffering a breach of ‘confidential information’ saw a 5% drop in stock price while firms suffering a non-confidential breach saw no impact.

I read it as the market over time learning the difference between a DOS attack and the posting of customers’ credit cards online. Which is interesting, because the market will be most forgiving of the attacks that are the most basic to prevent (web defacement, viruses & worms) or which are ‘unpreventable’ (DOS attacks – unpreventable isn’t the 100% correct word, but you know what I mean) and it will punish you severely (a 5% market cap drop according to the UMD study) for succumbing to a more vicious, targeted attack that results in exposure of confidential information such as customer credit cards. So are you putting your money in the right places?

I read this slightly differently. I think the market doesn’t care about attacks that don’t cost money. I think the market doesn’t really care about breaches of confidentiality, except when there’s a risk of lawsuit or customers leaving. And that means that when the market gets a whiff of the new attackers, these market impacts are going to go up.

2 comments on "Do Security Breaches Matter?"

  • Do security breaches drop the share value?

    According to those that think WiKID thoughts, yes. Quoting a paper by Campbell et al, there can be measured a 5% drop in stock price when confidentiality is breached. Adam demurs, thinking the market is unconcerned about the breaches of…

  • CEO Blogger says:

    IT propaganda

    Via The Carnival of the Capitalists, I found a series of posts (Thinking WiKID Thoughts, Emergent Chaos, Financial Cryptography 1, Financial Cryptography 2) about a study on
