| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 1 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
Cyber risk has become a concern for all companies. It is no longer a matter of if a company
will suffer a cyber-attack, but when will it happen. Cyber risk can be mitigated, but never
eliminated. Companies need to accept they will be exposed to it, or they would not be
competitive otherwise.
There are many studies analysing the stock price of a company surrounding the announcement
of a security breach, but there is not a unique consensus on whether it is negatively impacted
or not. In this thesis, I have selected five public companies and calculated the cumulative
abnormal returns in order to examine if these companies were penalized by the disclosure of
the attack.
The stock price of each of the companies dropped the day following the announcement, which
can be considered a negative signal from the market. Nonetheless, it is not as noticeable when
analysing the abnormal returns. Although in the short-term I obtained negative abnormal
returns, in one of the companies this only happens for a day, which is not enough to conclude
that the disclosure of a cyber-attack will harm a company. Moreover, one of the companies had
a negative CAR on the days surrounding the announcement, but when extending the event
window to one-month after the disclosure, the CAR became positive. All three remaining
companies analysed in this thesis have negative CARs regardless of the event window, but this
does not mean that the negative returns were caused solely by disclosing the event.