Quantifying the impact of cyber-attacks on a company’s value
Autor(a) principal: | |
---|---|
Data de Publicação: | 2023 |
Tipo de documento: | Dissertação |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10400.14/41418 |
Resumo: | Cyber risk has become a concern for all companies. It is no longer a matter of if a company will suffer a cyber-attack, but when will it happen. Cyber risk can be mitigated, but never eliminated. Companies need to accept they will be exposed to it, or they would not be competitive otherwise. There are many studies analysing the stock price of a company surrounding the announcement of a security breach, but there is not a unique consensus on whether it is negatively impacted or not. In this thesis, I have selected five public companies and calculated the cumulative abnormal returns in order to examine if these companies were penalized by the disclosure of the attack. The stock price of each of the companies dropped the day following the announcement, which can be considered a negative signal from the market. Nonetheless, it is not as noticeable when analysing the abnormal returns. Although in the short-term I obtained negative abnormal returns, in one of the companies this only happens for a day, which is not enough to conclude that the disclosure of a cyber-attack will harm a company. Moreover, one of the companies had a negative CAR on the days surrounding the announcement, but when extending the event window to one-month after the disclosure, the CAR became positive. All three remaining companies analysed in this thesis have negative CARs regardless of the event window, but this does not mean that the negative returns were caused solely by disclosing the event. |
id |
RCAP_eb30ba5090ed9750d1e2e96fe1501381 |
---|---|
oai_identifier_str |
oai:repositorio.ucp.pt:10400.14/41418 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Quantifying the impact of cyber-attacks on a company’s valueDomínio/Área Científica::Ciências Sociais::Economia e GestãoCyber risk has become a concern for all companies. It is no longer a matter of if a company will suffer a cyber-attack, but when will it happen. Cyber risk can be mitigated, but never eliminated. Companies need to accept they will be exposed to it, or they would not be competitive otherwise. There are many studies analysing the stock price of a company surrounding the announcement of a security breach, but there is not a unique consensus on whether it is negatively impacted or not. In this thesis, I have selected five public companies and calculated the cumulative abnormal returns in order to examine if these companies were penalized by the disclosure of the attack. The stock price of each of the companies dropped the day following the announcement, which can be considered a negative signal from the market. Nonetheless, it is not as noticeable when analysing the abnormal returns. Although in the short-term I obtained negative abnormal returns, in one of the companies this only happens for a day, which is not enough to conclude that the disclosure of a cyber-attack will harm a company. Moreover, one of the companies had a negative CAR on the days surrounding the announcement, but when extending the event window to one-month after the disclosure, the CAR became positive. All three remaining companies analysed in this thesis have negative CARs regardless of the event window, but this does not mean that the negative returns were caused solely by disclosing the event.Bonfim, Diana Carina Ribeiro GuimarãesVeritati - Repositório Institucional da Universidade Católica PortuguesaSimón Núñez, Elena2024-01-03T01:30:38Z2023-05-122023-012023-05-12T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10400.14/41418TID:203320450enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-01-09T01:37:03Zoai:repositorio.ucp.pt:10400.14/41418Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T18:34:06.748430Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Quantifying the impact of cyber-attacks on a company’s value |
title |
Quantifying the impact of cyber-attacks on a company’s value |
spellingShingle |
Quantifying the impact of cyber-attacks on a company’s value Simón Núñez, Elena Domínio/Área Científica::Ciências Sociais::Economia e Gestão |
title_short |
Quantifying the impact of cyber-attacks on a company’s value |
title_full |
Quantifying the impact of cyber-attacks on a company’s value |
title_fullStr |
Quantifying the impact of cyber-attacks on a company’s value |
title_full_unstemmed |
Quantifying the impact of cyber-attacks on a company’s value |
title_sort |
Quantifying the impact of cyber-attacks on a company’s value |
author |
Simón Núñez, Elena |
author_facet |
Simón Núñez, Elena |
author_role |
author |
dc.contributor.none.fl_str_mv |
Bonfim, Diana Carina Ribeiro Guimarães Veritati - Repositório Institucional da Universidade Católica Portuguesa |
dc.contributor.author.fl_str_mv |
Simón Núñez, Elena |
dc.subject.por.fl_str_mv |
Domínio/Área Científica::Ciências Sociais::Economia e Gestão |
topic |
Domínio/Área Científica::Ciências Sociais::Economia e Gestão |
description |
Cyber risk has become a concern for all companies. It is no longer a matter of if a company will suffer a cyber-attack, but when will it happen. Cyber risk can be mitigated, but never eliminated. Companies need to accept they will be exposed to it, or they would not be competitive otherwise. There are many studies analysing the stock price of a company surrounding the announcement of a security breach, but there is not a unique consensus on whether it is negatively impacted or not. In this thesis, I have selected five public companies and calculated the cumulative abnormal returns in order to examine if these companies were penalized by the disclosure of the attack. The stock price of each of the companies dropped the day following the announcement, which can be considered a negative signal from the market. Nonetheless, it is not as noticeable when analysing the abnormal returns. Although in the short-term I obtained negative abnormal returns, in one of the companies this only happens for a day, which is not enough to conclude that the disclosure of a cyber-attack will harm a company. Moreover, one of the companies had a negative CAR on the days surrounding the announcement, but when extending the event window to one-month after the disclosure, the CAR became positive. All three remaining companies analysed in this thesis have negative CARs regardless of the event window, but this does not mean that the negative returns were caused solely by disclosing the event. |
publishDate |
2023 |
dc.date.none.fl_str_mv |
2023-05-12 2023-01 2023-05-12T00:00:00Z 2024-01-03T01:30:38Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10400.14/41418 TID:203320450 |
url |
http://hdl.handle.net/10400.14/41418 |
identifier_str_mv |
TID:203320450 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799132067585327104 |