A global comparison of corporate value adjustments to news of cyber-attacks

The growing threat of cyber breach has become one of the most feared risks corporations around the world are currently dealing with. This paper uses a methodology similar to Hogan, Olson, and Angelina (2020) to analyze global shareholder value effects of cyber breaches from 1990 to 2019 for five major non-US countries. Cumulative Average Returns (CARs) are calculated using the first notice date to periods of up to 90 days post-announcement to compare short-term and long-term effects of cyber breaches on the stock price. Results for this data set show significant negative returns for US corporations in all windows. Unlike its US counterparts, short-term results for non-US countries show no significant changes to price as a result of cyber breach announcements. Long-term results for the aggregate non-US sample show significance only at the (0,30) window. Individual country long-term analysis shows some significance depending on the event windows, but no common patterns are seen among countries. These results point to differences in how news of a cyber breach, by country, is perceived in the market. The results help explain some of the patterns insurance companies have seen in the reticent buying habits of global companies with respect to cyber insurance.