Re After Equifax breach, anger but no action in Congress

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Eric Burger <eburger () standardstrack com>
> Date: January 1, 2018 at 9:48:28 PM EST
> To: Farber David <dave () farber net>
> Subject: Re: [IP] After Equifax breach, anger but no action in Congress
>
> I did not have the guts to follow my own advice. I would have been a bit richer if I had.
>
> TL;DR: companies that lose your data are good investments on average. In other words, breach notification laws, 
> instead of encouraging investors to punish companies, seem to punish companies for a week or two, and then the 
> company outperforms its peers over the next 6-12 months. [Note: I am not giving investing advice, and we do highlight 
> a company that went bankrupt after a breach, so YMMV etc. etc.]
>
> Lange, R. and Burger, E., Long-Term Market Implications of Data Breaches, Not, Journal of Information Privacy and 
> Security, December 2017, https://doi.org/10.1080/15536548.2017.1394070 
>
> ABSTRACT
>
> This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected 
> companies’ stock, with a focus on the results relative to the performance of the firms’ peer industries, as 
> represented through selected indices rather than the market as a whole. financial performance is considered over a 
> range of dates from 3 days post-breach through 6 months post-breach, in order to provide a longer- term perspective 
> on the impact of the breach announcement. 
>
> Key findings
>
> ●  While the difference in stock price between the sampled breached companies and their peers was negative (− 1.13%) 
> in the first 3 days following announcement of a breach, by the 14th day the return difference had rebounded to + 
> 0.05%, and on average remained positive through the period assessed.
>
> ●  For the differences in the breached companies’ betas and the beta of their peer sets, the differences in the means 
> of 8 months pre-breach versus post-breach was not meaningful at 90, 180, and 360 day post-breach periods.
>
> ●  For the differences in the breached companies’ beta correlations against the peer indices pre- and post-breach, 
> the difference in the means of the rolling 60 day correlation 8 months pre- breach versus post-breach was not 
> meaningful at 90, 180, and 360 day post-breach periods.
>
> ●  In regression analysis, use of the number of accessed records, date, data sensitivity, and malicious versus 
> accidental leak as variables failed to yield an R2 greater than 16.15% for response variables of 3, 14, 60, and 90 
> day return differential, excess beta differential, and rolling beta correlation differential, indicating that the 
> financial impact on breached companies was highly idiosyncratic.
>
> ●  Based on returns, the most impacted industries at the 3 day post-breach date were U.S Financial Services, 
> Transportation, and Global Telecom. At the 90 day post-breach date, the three most impacted industries were U.S. 
> Financial Services, U.S. Healthcare, and Global Telecom. 
>
>    
> > On Jan 1, 2018, at 10:40 AM, Dave Farber <dave () farber net> wrote:
> >
> >
> > ---------- Forwarded message ---------
> > From: Richard Forno <rforno () infowarrior org>
> > Date: Mon, Jan 1, 2018 at 10:26 AM
> > Subject: After Equifax breach, anger but no action in Congress
> > To: Infowarrior List <infowarrior () attrition org>, dataloss <breachexchange () lists riskbasedsecurity com>
> > CC: Dave Farber <dave () farber net>
> >
> >
> > After Equifax breach, anger but no action in Congress
> >
> > By MARTIN MATISHAK
> >
> > The massive Equifax data breach, which compromised the identities of more than 145 million Americans, prompted a 
> > telling response from Congress: It did nothing.
> >
> > Some industry leaders and lawmakers thought September’s revelation of the massive intrusion — which took place 
> > months after the credit reporting agency failed to act on a warning from the Homeland Security Department — might be 
> > the long-envisioned incident that prompted Congress to finally fix the country’s confusing and ineffectual data 
> > security laws.
> >
> > Instead, the aftermath of the breach played out like a familiar script: white-hot, bipartisan outrage, followed by 
> > hearings and a flurry of proposals that went nowhere. As is often the case, Congress gradually shifted to other 
> > priorities — this time the most sweeping tax code overhaul in a generation, and another mad scramble to fund the 
> > federal government.
> >
> > “It’s very frustrating,” said Rep. Jan Schakowsky of Illinois, the top Democrat on the House Energy and Commerce 
> > consumer protection subcommittee, who introduced legislation in the wake of the Equifax incident.
> >
> > “Every time another shoe falls, I think, ‘Ah, this is it. This will get us galvanized and pull together and march in 
> > the same direction.’ Hasn’t happened yet,” said Sen. Tom Carper (D-Del.), a member of a broader Senate working group 
> > that has tinkered for years to come up with data breach legislation.
> >
> > Every time lawmakers punt on the issue, critics say, they are leaving Americans more exposed to ruinous identity 
> > theft scams — and allowing companies to evade responsibility. With no sign that mammoth data breaches like the one 
> > at Equifax are abating, the situation is only growing more dire, according to cyberspecialists.
> >
> > In the meantime, companies and consumers are left to navigate 48 different state-level standards that govern how 
> > companies must protect sensitive data and respond to data breaches. Companies say the varying rules are costly and 
> > time-consuming, while cyberspecialists and privacy hawks argue they do little to keep Americans’ data safe.
> >
> > But while industry groups, security experts, privacy advocates and lawmakers of both parties agree that Congress 
> > must do something to unify these laws, no one has been able to agree on what that “something” should be.
> >
> > < - >
> >
> > https://www.politico.com/story/2018/01/01/equifax-data-breach-congress-action-319631
> > Archives  | Modify Your Subscription | Unsubscribe Now        



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180101233737:A6ADA0CA-EF76-11E7-9029-DF0CB6474EDC
Powered by Listbox: http://www.listbox.com