What the hack? : an empirical analysis of the stock market reactions to hacking announcements

Jansen, Embla Kleiv; Stavik, Stine-Mari

dc.contributor.advisor	Juranek, Steffen
dc.contributor.advisor	Bienz, Carsten
dc.contributor.author	Jansen, Embla Kleiv
dc.contributor.author	Stavik, Stine-Mari
dc.date.accessioned	2021-03-23T12:50:31Z
dc.date.available	2021-03-23T12:50:31Z
dc.date.issued	2020
dc.identifier.uri	https://hdl.handle.net/11250/2735126
dc.description.abstract	To raise awareness of the financial consequences for companies that do not safeguard personal data, this thesis investigates the stock market reaction following hacks. Furthermore, it investigates the role consumers and regulatory agencies play in inflicting financial consequences on companies that are hacked. While previous studies have focused on data breaches in general, this thesis focuses on hacks, because hacking is the most dominant form of data breaches and is increasing in frequency. The thesis contributes to existing literature by examining 42 of the world’s largest hacks announced between 2007 and 2020. The research questions are answered by using event study methodology as described by MacKinlay (1997). We find an average negative stock market reaction of 1.7% on the first trading day following the announcement of the hacks. Moreover, we find that the stock prices do not fully recover within the following ten days, indicating that shareholder value is at risk. When investigating the role of consumers, we find that when many client’s records are exposed in the hack, the stock market reaction is stronger. This may be because investors expect that the consumers will use their market power to punish the companies that have been hacked, and that this will decrease the net value of the company. More surprisingly, we find no statistically significant impact when the data exposed in the hack is sensitive to the customers. Finally, we explore the stock market reaction to hacks prior to and after the implementation of the GDPR in 2018, with a subsample of 33 events. The GDPR has raised the maximum fines for companies that are hacked, however, we do not find evidence of stronger stock market reactions after it was put into effect in our data sample. Our findings suggest that IT managers and top executives should be concerned with protecting the personal data that the company stores, because there exists a trade-off between investing in cyber security and carrying the costs of being hacked. Keywords – Hack, Data breaches, Cyber security, Regulatory agencies, IT managers, GDPR, Event study, Consumers	en_US
dc.language.iso	eng	en_US
dc.subject	financial economics	en_US
dc.title	What the hack? : an empirical analysis of the stock market reactions to hacking announcements	en_US
dc.type	Master thesis	en_US
dc.description.localcode	nhhmas	en_US

Tilhørende fil(er)

Filnavn:: masterthesis.pdf
Størrelse:: 938.8Kb
Format:: PDF

Åpne

Denne innførselen finnes i følgende samling(er)

Master Thesis [4209]

Vis enkel innførsel