Interesting People mailing list archives
Re After Equifax breach, anger but no action in Congress
From: "Dave Farber" <farber () gmail com>
Date: Mon, 1 Jan 2018 23:37:28 -0500
Begin forwarded message:
From: Eric Burger <eburger () standardstrack com> Date: January 1, 2018 at 9:48:28 PM EST To: Farber David <dave () farber net> Subject: Re: [IP] After Equifax breach, anger but no action in Congress I did not have the guts to follow my own advice. I would have been a bit richer if I had. TL;DR: companies that lose your data are good investments on average. In other words, breach notification laws, instead of encouraging investors to punish companies, seem to punish companies for a week or two, and then the company outperforms its peers over the next 6-12 months. [Note: I am not giving investing advice, and we do highlight a company that went bankrupt after a breach, so YMMV etc. etc.] Lange, R. and Burger, E., Long-Term Market Implications of Data Breaches, Not, Journal of Information Privacy and Security, December 2017, https://doi.org/10.1080/15536548.2017.1394070 ABSTRACT This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies’ stock, with a focus on the results relative to the performance of the firms’ peer industries, as represented through selected indices rather than the market as a whole. financial performance is considered over a range of dates from 3 days post-breach through 6 months post-breach, in order to provide a longer- term perspective on the impact of the breach announcement. Key findings ● While the difference in stock price between the sampled breached companies and their peers was negative (− 1.13%) in the first 3 days following announcement of a breach, by the 14th day the return difference had rebounded to + 0.05%, and on average remained positive through the period assessed. ● For the differences in the breached companies’ betas and the beta of their peer sets, the differences in the means of 8 months pre-breach versus post-breach was not meaningful at 90, 180, and 360 day post-breach periods. ● For the differences in the breached companies’ beta correlations against the peer indices pre- and post-breach, the difference in the means of the rolling 60 day correlation 8 months pre- breach versus post-breach was not meaningful at 90, 180, and 360 day post-breach periods. ● In regression analysis, use of the number of accessed records, date, data sensitivity, and malicious versus accidental leak as variables failed to yield an R2 greater than 16.15% for response variables of 3, 14, 60, and 90 day return differential, excess beta differential, and rolling beta correlation differential, indicating that the financial impact on breached companies was highly idiosyncratic. ● Based on returns, the most impacted industries at the 3 day post-breach date were U.S Financial Services, Transportation, and Global Telecom. At the 90 day post-breach date, the three most impacted industries were U.S. Financial Services, U.S. Healthcare, and Global Telecom.On Jan 1, 2018, at 10:40 AM, Dave Farber <dave () farber net> wrote: ---------- Forwarded message --------- From: Richard Forno <rforno () infowarrior org> Date: Mon, Jan 1, 2018 at 10:26 AM Subject: After Equifax breach, anger but no action in Congress To: Infowarrior List <infowarrior () attrition org>, dataloss <breachexchange () lists riskbasedsecurity com> CC: Dave Farber <dave () farber net> After Equifax breach, anger but no action in Congress By MARTIN MATISHAK The massive Equifax data breach, which compromised the identities of more than 145 million Americans, prompted a telling response from Congress: It did nothing. Some industry leaders and lawmakers thought September’s revelation of the massive intrusion — which took place months after the credit reporting agency failed to act on a warning from the Homeland Security Department — might be the long-envisioned incident that prompted Congress to finally fix the country’s confusing and ineffectual data security laws. Instead, the aftermath of the breach played out like a familiar script: white-hot, bipartisan outrage, followed by hearings and a flurry of proposals that went nowhere. As is often the case, Congress gradually shifted to other priorities — this time the most sweeping tax code overhaul in a generation, and another mad scramble to fund the federal government. “It’s very frustrating,” said Rep. Jan Schakowsky of Illinois, the top Democrat on the House Energy and Commerce consumer protection subcommittee, who introduced legislation in the wake of the Equifax incident. “Every time another shoe falls, I think, ‘Ah, this is it. This will get us galvanized and pull together and march in the same direction.’ Hasn’t happened yet,” said Sen. Tom Carper (D-Del.), a member of a broader Senate working group that has tinkered for years to come up with data breach legislation. Every time lawmakers punt on the issue, critics say, they are leaving Americans more exposed to ruinous identity theft scams — and allowing companies to evade responsibility. With no sign that mammoth data breaches like the one at Equifax are abating, the situation is only growing more dire, according to cyberspecialists. In the meantime, companies and consumers are left to navigate 48 different state-level standards that govern how companies must protect sensitive data and respond to data breaches. Companies say the varying rules are costly and time-consuming, while cyberspecialists and privacy hawks argue they do little to keep Americans’ data safe. But while industry groups, security experts, privacy advocates and lawmakers of both parties agree that Congress must do something to unify these laws, no one has been able to agree on what that “something” should be. < - > https://www.politico.com/story/2018/01/01/equifax-data-breach-congress-action-319631 Archives | Modify Your Subscription | Unsubscribe Now
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180101233737:A6ADA0CA-EF76-11E7-9029-DF0CB6474EDC Powered by Listbox: http://www.listbox.com
Current thread:
- Re After Equifax breach, anger but no action in Congress Dave Farber (Jan 02)