New research in the INFORMS journal Management Science finds that firms that have experienced data breaches intentionally stage the timing of such announcements around other significant breaking news as a means of reducing media coverage and minimizing public attention.
“We estimate that strategic timing reduces the median decline in market capitalization loss resulting from a data breach, from $347 million to $85 million,” says Sebastian Schuetz of Florida International University.
The study, conducted by Schuetz and Jens Foerderer of the Technical University of Munich, finds that this strategy harms consumers because the stock markets do not adequately “punish” firms for their misbehavior.
The work appears to show that strategic timing is most common in data breaches that are of greatest interest to consumers, such as those that are more severe and involve healthcare data, financial data and credentials.
“Based on our findings, we recommend lawmakers mandate shorter disclosure deadlines, from the current 30-day deadline to just three days,” says Foerderer. “Strategic timing is harmful for consumers because it undermines the effectiveness of current U.S. data breach legislation. Because consumers and investors receive less information about the occurrence of a data breach, less change is being promoted in firms to protect consumers against future security issues.”
Nearly 700,000 UK nationals affected by Equifax breach: company
Jens Foerderer et al, Data Breach Announcements and Stock Market Reactions: A Matter of Timing?, Management Science (2022). DOI: 10.1287/mnsc.2021.4264
Firms time announcements of data breaches to bury the bad news (2022, July 26)
retrieved 26 July 2022
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.