BreachExchange mailing list archives

Re: Data leaks hit share prices hard

From: "Allan Friedman" <allan_friedman () ksgphd harvard edu>
Date: Mon, 9 Oct 2006 12:20:49 -0400

For anyone interested, the most recent copy is online here:
http://www.heinz.cmu.edu/~acquisti/papers/acquisti-friedman-telang-privacy-b
reaches.pdf

We're working on a revised dataset that incorporates much of the
recent events that members of this list have found, as well as
pre-1386 events.  We look forward to sharing this data when it is
fully cleaned.  We'll post a copy of the revised results to this list
as soon as we have it.

We've asked the authors for details on this study, but I'm curious
about the long term implications. If you are trying to show a
significant effect with a conventional event study, it's very hard to
do for such a long time period and such a small sample size.

If anyone is interested in doing similar studies, feel free to contact
me offline. Verifying that you have the first published report and
that there are no conflicting news stories that might bias the results
is fairly time-intensive.


allan

Allan Friedman
PhD Candidate, Public Policy
Kennedy School of Government
Harvard University

On 10/9/06, dataloss-bounces () attrition org
<dataloss-bounces () attrition org> wrote:

We could probably come up with our own study just by finding every publicly
traded company in the database and look at stock price history for X days
following announcement of the breech. In fact, this could almost be
automated if we added the ticker symbol to the database and then created a
script that took advantage of a site containing access to stock trading data
via an API...


On 10/9/06, Adam Shostack <adam () homeport org> wrote:

Fascinating.  It contradicts "Is There a Cost to Privacy Breaches? An
Event Study," which Alan Friedman presented at the Workshop on
Economics of Infosec.

http://weis2006.econinfosec.org/docs/40.pdf

That study has a much larger dataset, and so I'm curious why EMA chose

such small datasets.

My thoughts on the paper are at

http://www.emergentchaos.com/archives/2006/07/does_lost_data_matter.html




Adam


On Mon, Oct 09, 2006 at 11:26:11AM -0400, Dissent wrote:
| Australian-based analyst Hydrasight has teamed up with Colorado-based
| researcher Enterprise Management Associates Inc. (EMA) to release a
| study on the current state of global enterprise information security.
|
| The report draws a comparison between the theft or breach of
| confidential information and computer-facilitated financial fraud and
| the impact it has on organizations in terms of share price. While the
| organizations studied were based in the U.S., the findings reflect a
| similar security environment in Australia.
|
| Scott Crawford, senior analyst with EMA, said within four weeks of
| public disclosure of details of an information breach, negative
| responses show up in the form of falling share prices. The impact can
| be disturbing, he added.
|
| "EMA recently followed the closing stock prices of six US companies
| which had disclosed an information security breach between February
| 2005 and June 2006.
|
| "Within a month of disclosure, the average price of these stocks fell
| by 5 percent, and remained in a range of 2.4 to 8.5 percent below
| that of the date of disclosure for another eight months," he said.
|
| "The stocks did not recover to pre-incident levels for nearly a year."
|
| [...]
|
|

http://www.webwereld.nl/articles/43234/data-leaks-hit-share-prices-hard.html

|
| _______________________________________________
| Dataloss Mailing List (dataloss () attrition org)
| http://attrition.org/dataloss
| Tracking more than 136 million compromised records in 403 incidents over

6 years.

|
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 136 million compromised records in 403 incidents over 6

years.



_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 136 million compromised records in 403 incidents over 6
years.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 136 million compromised records in 403 incidents over 6 years.

Current thread:

Data leaks hit share prices hard Dissent (Oct 09)
- Re: Data leaks hit share prices hard Adam Shostack (Oct 09)
  - Re: Data leaks hit share prices hard B.K. DeLong (Oct 09)
    - Re: Data leaks hit share prices hard Allan Friedman (Oct 09)
    - Re: Data leaks hit share prices hard Chris Walsh (Oct 09)
    - Re: Data leaks hit share prices hard Dennis Opacki (Oct 09)
    - Re: Data leaks hit share prices hard Chris Walsh (Oct 09)
    - Re: Data leaks hit share prices hard Dennis Opacki (Oct 09)
    - Re: Data leaks hit share prices hard Allan Friedman (Oct 09)
    - Dataloss discussion, debate and chatter security curmudgeon (Oct 09)
    - Re: Data leaks hit share prices hard Adam Shostack (Oct 09)
  - Re: Data leaks hit share prices hard Alessandro Acquisti (Oct 10)
    - Re: Data leaks hit share prices hard Alessandro Acquisti (Oct 10)
- EMA/Hydrasight study Saundra Kae Rubel (Oct 09)

(Thread continues...)