The Dynamics of Stock Market Responses Following the Cyber-Attacks News: Evidence from Event Study

Dewan, Muktadir-Al-Mukit and Ali, Hakim Md ORCID: https://orcid.org/0000-0001-9159-530X (2025) The Dynamics of Stock Market Responses Following the Cyber-Attacks News: Evidence from Event Study. Information Systems Frontiers. ISSN 1387-3326

Preview

Published Version Available under License Creative Commons Attribution. Download (1MB) | Preview

Abstract

With the growing digital integration of business operations, cybersecurity risks have also increased significantly, posing a potential threat to stock prices through increased volatility. Our study investigates the impact of cyber-attacks on the stock prices of US listed firms, using a dataset of 776 incidents between 2012 and 2022. We argue that although cyber-attacks typically trigger negative stock market responses, the extent and nature of this reaction depend on several key factors, including the source and credibility of the news, the incident’s severity and distinctiveness, data privacy concerns, and the industry’s overall exposure to cyber risks. Our event study shows that firms lose $309.33 million in market value on the day a cyber-attack is reported. We observe that the negative response intensifies when cyber-attack news emerges in influential sources, indicating a wider media coverage and source credibility effect. We find that the negative reaction is more pronounced when the cyber-attack has a high consequential effect (severity). Moreover, firms that confront cyber-attacks for the first-time face overreaction from investors and greater losses than those with consecutive cyber-attacks. Sub-period analysis focusing on the 2015 Office of Personnel Management (OPM) data breach and the COVID-19 era shows more pronounced stock price impacts during the post-OPM and pre-COVID periods. Cross-sectional findings also reveal that firms with higher societal expectations for data privacy and those operating in sectors more vulnerable to cyber threats experience more negative reactions. Hence, our study provides insights for policymakers, regulators, and corporate leaders on cyber breach disclosure, transparency, timeliness and cybersecurity governance to strengthen market stability, corporate resilience, and investor confidence.