What is the Impact of Successful Cyberattacks on Target Firms?
NBER Working Paper No. 24409
We examine which firms are targets of cyberattacks and how they are affected. We find that cyberattacks cause firms to reassess the risks that they are exposed to and their consequences, so that they have real effects on firm policies even when targets are not financially constrained. Cyberattacks are more likely to occur at more visible firms, firms with more intangible assets, and firms with less board attention to risk management. Attacks where personal financial information is appropriated are associated with a negative stock-market reaction, a decrease in sales growth for large firms and retail firms, an increase in leverage, a deterioration in financial health, and a decrease in investment in the short run. Firms further respond to cyberattacks by reducing CEO bonuses and risk-taking incentives and by strengthening their risk management.
Document Object Identifier (DOI): 10.3386/w24409