BreachExchange mailing list archives

Re: Data leaks hit share prices hard


From: "Alessandro Acquisti" <acquisti () pguardian com>
Date: Tue, 10 Oct 2006 13:43:18 -0400

Adam:

Note, however, that our regressions showed that the size of a firm was a
significant predictor of its abnormal rate of return (in other words:
larger firms were more affected by the breaches).

That should have been "smaller" firms, as discussed in the paper.
(Thanks to Allan for catching this slip.)

Thank you,
-aa

-----Original Message-----
From: dataloss-bounces () attrition org
[mailto:dataloss-bounces () attrition org] On Behalf Of Alessandro Acquisti
Sent: Tuesday, October 10, 2006 9:42 AM
To: 'Adam Shostack'; 'Dissent'
Cc: 'Alessandro Acquisti'; 'dataloss-attrition.org'
Subject: Re: [Dataloss] Data leaks hit share prices hard

Hello Adam -

Fascinating.  It contradicts "Is There a Cost to Privacy Breaches? An
Event Study," which Alan Friedman presented at the Workshop on
Economics of Infosec.

http://weis2006.econinfosec.org/docs/40.pdf

My 2 cents (following up on what Allan already wrote): the results of the
two studies are difficult to compare.

- our (i.e., Allan, Rahul, and me) dataset contained hundreds of events - I
would hazard that focusing on six events means aiming at a qualitative type
of study, rather than a statistically significant one.

- the problem with simply checking whether stock prices have fallen or not
is that external market conditions may determine those outcomes - hence, as
a measurement of performance after the event, vanilla stock prices can be
misleading (the event studies methodologies we used in our paper attempt to
address this problem)

- for similar reasons, one should be extra cautious about suggesting
linkages between an event and the stock price one year after that event -
the consensus in the financial literature that pioneered event studies is
that a few days after the event you can no longer exclude that what you are
getting from the stock prices is simply noise.

Note, however, that our regressions showed that the size of a firm was a
significant predictor of its abnormal rate of return (in other words:
larger firms were more affected by the breaches).

One last note on the problems with using stock prices to measure a (subset
of a) company's breach-related costs: even if we may not adhere to the
efficient markets hypothesis, we wanted to address a simpler (and, to me,
telling) question: how does the market react to privacy breaches, compared
to the way it reacts to security breaches, product vulnerabilities, or other
negative events?

Thanks,

-alessandro

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 136 million compromised records in 403 incidents over 6 years.
