Title: Explaining investors' reaction to internet security breach using deterrence theory

Authors: Francis Kofi Andoh-Baidoo

Addresses: Department of Computer Information Systems, University of Texas-Pan American, 1201 W University Drive, Edinburg, TX 78539, USA

Abstract: This study uses the deterrence theory to explain investors' behaviour towards the announcement of internet security breaches in the public media. Using the event study methodology, we compute the abnormal returns over a three day window. We then use decision tree induction to investigate how firm type and time affect the likelihood that an attack would lead to abnormal returns. The results reveal that investors are more likely to react negatively to announcements involving internet firms. In addition, investors are more likely to react negatively to more recent attacks. We argue that managers, especially in Net firms, should develop effective mechanisms to address security breach since investors interpret a security breach as management's failure to deter computer abusers from violating organisational security policies and controls. From a theoretical perspective, we demonstrate that event study research can use theory to explain investor's behaviour towards announcement of events in the public media.

Keywords: internet security breaches; e-finance; electronic finance; deterrence theory; investors reaction; CARs; cumulative abnormal returns; event studies; decision tree induction; firm damage; media announcements; news; security attacks; computer abuse; organisational security; public media; cyber attacks.

DOI: 10.1504/IJEF.2013.051753

International Journal of Electronic Finance, 2013 Vol.7 No.1, pp.1 - 14

Published online: 28 Jan 2013 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article