A cyber-attack is a risk that every firm must manage. Prior studies raised doubts about how harmful cyber-attacks actually are. In particular, studies used the market reaction to cyber-attacks to show that they cause only small losses that decrease over time. These studies conjecture that as news media increasingly report that data breaches cause relatively minor damage, investors will lower their assessment of the costs of data breaches.
Most prior studies, however, rely almost entirely on cyber-attacks that were disclosed by firms. In contrast, we collect data on cyber-attacks from different sources and distinguish between cyber-attacks that were voluntarily disclosed … Read more