Did IT consulting firms gain when their clients were breached?

Jeng-Chung Chen, Hung-chih Li, David C. Yen, Kenneth Vincent Bata

Research output: Contribution to journalArticle

5 Citations (Scopus)

Abstract

Despite all the research investigating the impact of data and information technology (IT) breaches to the market value of the breached firms, few studies explore the effects of breach events on the stock price of consulting firms that supplies the know-how and infrastructure to create, implement and maintain those information systems that were hacked. Information transfer theory and capital market expectation suggest that as more data breaches occur every year, investors, clients and customers may well look beyond the faults of the individual firms, and place some responsibility on the shoulders of these IT providers. In this study, we investigated a total of 83 breach events affecting a wide range of US firms in various industries in year 2006 and 2007. We found that the market value of the IT consulting firms is positively associated with the disclosure of IT security breaches. The IT consulting firms realized an average abnormal return of 4.01% during the 2-day period after the announcement. Using the event-study method and Ordinary Least Squares Regression to calculate and analyze these firms' abnormal returns, we found evidence that as the number of breached records increased, the IT consulting firms tended to suffer negative returns. In addition, the observed impact was more salient for breaches that affect technology intensive firms than retailing or other firms. In other words, generally speaking, the IT consulting firms have similar experiences with the attacked firms.

Original languageEnglish
Pages (from-to)456-464
Number of pages9
JournalComputers in Human Behavior
Volume28
Issue number2
DOIs
Publication statusPublished - 2012 Mar 1

Fingerprint

Information technology
Technology
Information Theory
Consulting
Disclosure
Least-Squares Analysis
Information Systems
Information systems
Industry
Economics
Research

All Science Journal Classification (ASJC) codes

  • Arts and Humanities (miscellaneous)
  • Human-Computer Interaction
  • Psychology(all)

Cite this

Chen, Jeng-Chung ; Li, Hung-chih ; Yen, David C. ; Bata, Kenneth Vincent. / Did IT consulting firms gain when their clients were breached?. In: Computers in Human Behavior. 2012 ; Vol. 28, No. 2. pp. 456-464.
@article{4f432387fc3742c08291fce6bd3b7320,
title = "Did IT consulting firms gain when their clients were breached?",
abstract = "Despite all the research investigating the impact of data and information technology (IT) breaches to the market value of the breached firms, few studies explore the effects of breach events on the stock price of consulting firms that supplies the know-how and infrastructure to create, implement and maintain those information systems that were hacked. Information transfer theory and capital market expectation suggest that as more data breaches occur every year, investors, clients and customers may well look beyond the faults of the individual firms, and place some responsibility on the shoulders of these IT providers. In this study, we investigated a total of 83 breach events affecting a wide range of US firms in various industries in year 2006 and 2007. We found that the market value of the IT consulting firms is positively associated with the disclosure of IT security breaches. The IT consulting firms realized an average abnormal return of 4.01{\%} during the 2-day period after the announcement. Using the event-study method and Ordinary Least Squares Regression to calculate and analyze these firms' abnormal returns, we found evidence that as the number of breached records increased, the IT consulting firms tended to suffer negative returns. In addition, the observed impact was more salient for breaches that affect technology intensive firms than retailing or other firms. In other words, generally speaking, the IT consulting firms have similar experiences with the attacked firms.",
author = "Jeng-Chung Chen and Hung-chih Li and Yen, {David C.} and Bata, {Kenneth Vincent}",
year = "2012",
month = "3",
day = "1",
doi = "10.1016/j.chb.2011.10.017",
language = "English",
volume = "28",
pages = "456--464",
journal = "Computers in Human Behavior",
issn = "0747-5632",
publisher = "Elsevier Limited",
number = "2",

}

Did IT consulting firms gain when their clients were breached? / Chen, Jeng-Chung; Li, Hung-chih; Yen, David C.; Bata, Kenneth Vincent.

In: Computers in Human Behavior, Vol. 28, No. 2, 01.03.2012, p. 456-464.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Did IT consulting firms gain when their clients were breached?

AU - Chen, Jeng-Chung

AU - Li, Hung-chih

AU - Yen, David C.

AU - Bata, Kenneth Vincent

PY - 2012/3/1

Y1 - 2012/3/1

N2 - Despite all the research investigating the impact of data and information technology (IT) breaches to the market value of the breached firms, few studies explore the effects of breach events on the stock price of consulting firms that supplies the know-how and infrastructure to create, implement and maintain those information systems that were hacked. Information transfer theory and capital market expectation suggest that as more data breaches occur every year, investors, clients and customers may well look beyond the faults of the individual firms, and place some responsibility on the shoulders of these IT providers. In this study, we investigated a total of 83 breach events affecting a wide range of US firms in various industries in year 2006 and 2007. We found that the market value of the IT consulting firms is positively associated with the disclosure of IT security breaches. The IT consulting firms realized an average abnormal return of 4.01% during the 2-day period after the announcement. Using the event-study method and Ordinary Least Squares Regression to calculate and analyze these firms' abnormal returns, we found evidence that as the number of breached records increased, the IT consulting firms tended to suffer negative returns. In addition, the observed impact was more salient for breaches that affect technology intensive firms than retailing or other firms. In other words, generally speaking, the IT consulting firms have similar experiences with the attacked firms.

AB - Despite all the research investigating the impact of data and information technology (IT) breaches to the market value of the breached firms, few studies explore the effects of breach events on the stock price of consulting firms that supplies the know-how and infrastructure to create, implement and maintain those information systems that were hacked. Information transfer theory and capital market expectation suggest that as more data breaches occur every year, investors, clients and customers may well look beyond the faults of the individual firms, and place some responsibility on the shoulders of these IT providers. In this study, we investigated a total of 83 breach events affecting a wide range of US firms in various industries in year 2006 and 2007. We found that the market value of the IT consulting firms is positively associated with the disclosure of IT security breaches. The IT consulting firms realized an average abnormal return of 4.01% during the 2-day period after the announcement. Using the event-study method and Ordinary Least Squares Regression to calculate and analyze these firms' abnormal returns, we found evidence that as the number of breached records increased, the IT consulting firms tended to suffer negative returns. In addition, the observed impact was more salient for breaches that affect technology intensive firms than retailing or other firms. In other words, generally speaking, the IT consulting firms have similar experiences with the attacked firms.

UR - http://www.scopus.com/inward/record.url?scp=84862947610&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84862947610&partnerID=8YFLogxK

U2 - 10.1016/j.chb.2011.10.017

DO - 10.1016/j.chb.2011.10.017

M3 - Article

AN - SCOPUS:84862947610

VL - 28

SP - 456

EP - 464

JO - Computers in Human Behavior

JF - Computers in Human Behavior

SN - 0747-5632

IS - 2

ER -