Investigating the Impact of Publicly Announced Information Security Breaches on Three Performance Indicators of the Breached Firms

Abstract

This article examines the impact of information security breaches on organizational performance. Until now, there have been only a few empirical academic studies that have investigated this issue and they have investigated information security breaches with the focus on the short-term impact on the market value of the firm. This study offers an alternate approach to investigate this issue as it explores the impact of breaches on financial performance of the firm, one year after the breach. Using a “matched sampling” methodology, we explored the impact of each type of breach (i.e., confidentiality, integrity, and availability) and also by IT intensity and size. Our results suggest that the direction of the impact (i.e., positive, negative) is dependent on the type of security breaches and also the impact of IT intensive firms is different from non-IT intensive firms. Our study also includes some important implications for managers and stock market investors.