Insider Trading and Disclosure: The Case of Cyberattacks

The U.S. Securities and Exchange Commission (SEC) recently identified incidents in which top executives sold shares before disclosing to the public negative information about cyberattacks. For example, the former chief information officer of Equifax, Jun Ying, exercised his stock options and sold nearly $1 million in shares about a week before Equifax disclosed the hack of its database in September 2017, gaining $480,000. Equifax stock dropped over 30 percent after news of the data breach became public. Motivated by the SEC’s concerns, we examine the relation between insider trading and corporate disclosure policies around cyberattacks.

When a cyberattack with material … Read more

Do Firms Under-Report Information on Cyber-Attacks?

A cyber-attack is a risk that every firm must manage. Prior studies raised doubts about how harmful cyber-attacks actually are. In particular, studies used the market reaction to cyber-attacks to show that they cause only small losses that decrease over time. These studies conjecture that as news media increasingly report that data breaches cause relatively minor damage, investors will lower their assessment of the costs of data breaches.

Most prior studies, however, rely almost entirely on cyber-attacks that were disclosed by firms. In contrast, we collect data on cyber-attacks from different sources and distinguish between cyber-attacks that were voluntarily disclosed … Read more