The Long-Run Impact of Information Security Breach Announcements on Investors’ Confidence: The Context of Efficient Market Hypothesis

Information and communication technologies (ICTs) are the cornerstone for sustainable development, but if they are not appropriately managed, they will impede progress towards the United Nations Global Sustainable Development Goals. Among undesirable impacts, emphasis must be put on the risk of information security (ISec) breaches, as they pose a potential threat to businesses there. Especially for publicly traded firms, they could create a long-lasting influence on their financial performance and, thus, stock investors’ confidence. Following the efficient market hypothesis’s footsteps, previous studies have examined only the short-run impact on investors’ confidence ensuing to ISec breach announcements. Therefore, this study investigates the long-run impact of ISec breach announcements on investors’ confidence. Based on a sample of 73 ISec breach announcements during 2011–2019, this paper examines the impact on investors’ confidence, as demonstrated by long-run abnormal returns and equity risk of those firms. Using a one-to-one matched sampling approach, each firm’s performance is analyzed with its control firm over eighteen months, starting six months before the announcement, through twelve months after the announcement. Firms experienced a significant negative abnormal return of 15% to 18% during the twelve months following the breach announcement. In comparison, equity risk increased by 11% within six months before and after an announcement. This study can help investors, managers, and researchers better understand a long-term relationship between ISec breaches and investor confidence in the context of efficient market hypothesis.