BreachExchange mailing list archives
Re: Data leaks hit share prices hard
From: "B.K. DeLong" <bkdelong () pobox com>
Date: Mon, 9 Oct 2006 11:49:38 -0400
We could probably come up with our own study just by finding every publicly traded company in the database and look at stock price history for X days following announcement of the breech. In fact, this could almost be automated if we added the ticker symbol to the database and then created a script that took advantage of a site containing access to stock trading data via an API... On 10/9/06, Adam Shostack <adam () homeport org> wrote:
Fascinating. It contradicts "Is There a Cost to Privacy Breaches? An Event Study," which Alan Friedman presented at the Workshop on Economics of Infosec. http://weis2006.econinfosec.org/docs/40.pdf That study has a much larger dataset, and so I'm curious why EMA chose such small datasets. My thoughts on the paper are at http://www.emergentchaos.com/archives/2006/07/does_lost_data_matter.html Adam On Mon, Oct 09, 2006 at 11:26:11AM -0400, Dissent wrote: | Australian-based analyst Hydrasight has teamed up with Colorado-based | researcher Enterprise Management Associates Inc. (EMA) to release a | study on the current state of global enterprise information security. | | The report draws a comparison between the theft or breach of | confidential information and computer-facilitated financial fraud and | the impact it has on organizations in terms of share price. While the | organizations studied were based in the U.S., the findings reflect a | similar security environment in Australia. | | Scott Crawford, senior analyst with EMA, said within four weeks of | public disclosure of details of an information breach, negative | responses show up in the form of falling share prices. The impact can | be disturbing, he added. | | "EMA recently followed the closing stock prices of six US companies | which had disclosed an information security breach between February | 2005 and June 2006. | | "Within a month of disclosure, the average price of these stocks fell | by 5 percent, and remained in a range of 2.4 to 8.5 percent below | that of the date of disclosure for another eight months," he said. | | "The stocks did not recover to pre-incident levels for nearly a year." | | [...] | | http://www.webwereld.nl/articles/43234/data-leaks-hit-share-prices-hard.html | | _______________________________________________ | Dataloss Mailing List (dataloss () attrition org) | http://attrition.org/dataloss | Tracking more than 136 million compromised records in 403 incidents over 6 years. | _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 136 million compromised records in 403 incidents over 6 years.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 136 million compromised records in 403 incidents over 6 years.
Current thread:
- Data leaks hit share prices hard Dissent (Oct 09)
- Re: Data leaks hit share prices hard Adam Shostack (Oct 09)
- Re: Data leaks hit share prices hard B.K. DeLong (Oct 09)
- Re: Data leaks hit share prices hard Allan Friedman (Oct 09)
- Re: Data leaks hit share prices hard Chris Walsh (Oct 09)
- Re: Data leaks hit share prices hard Dennis Opacki (Oct 09)
- Re: Data leaks hit share prices hard Chris Walsh (Oct 09)
- Re: Data leaks hit share prices hard Dennis Opacki (Oct 09)
- Re: Data leaks hit share prices hard Allan Friedman (Oct 09)
- Dataloss discussion, debate and chatter security curmudgeon (Oct 09)
- Re: Data leaks hit share prices hard Adam Shostack (Oct 09)
- Re: Data leaks hit share prices hard B.K. DeLong (Oct 09)
- Re: Data leaks hit share prices hard Adam Shostack (Oct 09)
- Re: Data leaks hit share prices hard Alessandro Acquisti (Oct 10)