 Ex-intrusion corporate cyber risk: evidence from internet protocol networksBill B. Francis, Wenyao Hu and Thomas D. Shohfi Abstract: Previous event studies of corporate cyber risk have been limited to successful attacks on public firms, but the samples are biased because they are based on the economic magnitude of equity losses. To address this selection bias, we construct a larger and more representative sample of cyber intrusions only, finding diminished negative equity (insignificant corporate bond) market reactions compared with these prior studies. To identify cyber risk irrespective of observing successful attacks, we match public firms with internet protocol network data from the American Registry for Internet Numbers between 1991 and 2017. We find that both stockholders and creditors incorporate external internet protocol network size into the firm value. Further, debt and equity market reactions to cyber attacks are mitigated for firms with registered internet protocol networks and larger network deployments. Overall, our study reveals an important public data source that can help institutions proxy for and more accurately price firms’ cyber security risks. References: Add references at CitEc Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:rsk:journ3:7879801 Access Statistics for this article More articles in Journal of Operational Risk from Journal of Operational Risk |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.