Re: Data leaks hit share prices hard

["B.K. DeLong" <bkdelong () pobox com>]

We could probably come up with our own study just by finding every publicly
traded company in the database and look at stock price history for X days
following announcement of the breech. In fact, this could almost be
automated if we added the ticker symbol to the database and then created a
script that took advantage of a site containing access to stock trading data
via an API...

On 10/9/06, Adam Shostack <adam () homeport org> wrote:
> Fascinating.  It contradicts "Is There a Cost to Privacy Breaches? An
> Event Study," which Alan Friedman presented at the Workshop on
> Economics of Infosec.
>
> http://weis2006.econinfosec.org/docs/40.pdf
>
> That study has a much larger dataset, and so I'm curious why EMA chose
>
> such small datasets.
>
> My thoughts on the paper are at
> http://www.emergentchaos.com/archives/2006/07/does_lost_data_matter.html
>
>
>
> Adam
>
>
> On Mon, Oct 09, 2006 at 11:26:11AM -0400, Dissent wrote:
> | Australian-based analyst Hydrasight has teamed up with Colorado-based
> | researcher Enterprise Management Associates Inc. (EMA) to release a
> | study on the current state of global enterprise information security.
> |
> | The report draws a comparison between the theft or breach of
> | confidential information and computer-facilitated financial fraud and
> | the impact it has on organizations in terms of share price. While the
> | organizations studied were based in the U.S., the findings reflect a
> | similar security environment in Australia.
> |
> | Scott Crawford, senior analyst with EMA, said within four weeks of
> | public disclosure of details of an information breach, negative
> | responses show up in the form of falling share prices. The impact can
> | be disturbing, he added.
> |
> | "EMA recently followed the closing stock prices of six US companies
> | which had disclosed an information security breach between February
> | 2005 and June 2006.
> |
> | "Within a month of disclosure, the average price of these stocks fell
> | by 5 percent, and remained in a range of 2.4 to 8.5 percent below
> | that of the date of disclosure for another eight months," he said.
> |
> | "The stocks did not recover to pre-incident levels for nearly a year."
> |
> | [...]
> |
> |
> http://www.webwereld.nl/articles/43234/data-leaks-hit-share-prices-hard.html
> |
> | _______________________________________________
> | Dataloss Mailing List (dataloss () attrition org)
> | http://attrition.org/dataloss
> | Tracking more than 136 million compromised records in 403 incidents over
> 6 years.
> |
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> http://attrition.org/dataloss
> Tracking more than 136 million compromised records in 403 incidents over 6
> years.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 136 million compromised records in 403 incidents over 6 years.