Market Reactions to Material Cybersecurity Incident Disclosures
Maxwell Block
TL;DR
This paper investigates how stock markets react to the disclosure of material cybersecurity incidents, revealing that such disclosures generally lead to negative stock price movements, especially for smaller firms.
Contribution
It provides empirical evidence on market reactions to cybersecurity disclosures and highlights the influence of firm size on market sensitivity.
Findings
Negative stock price reactions following disclosures
Smaller companies experience more pronounced declines
No significant difference across sectors or beta values
Abstract
This study examines short-term market responses to material cybersecurity incidents disclosed under Item 1.05 of Form 8-K. Drawing on a sample of disclosures made between 2023 and 2025, daily stock price movements were evaluated over a standardized event window surrounding each filing. On average, companies experienced negative price reactions following the disclosure of a material cybersecurity incident. Comparisons across company characteristics indicate that smaller companies tended to incur more pronounced declines, while differences by sector and beta were not evident. These findings offer empirical insight into how public markets interpret cybersecurity risks when they are formally reported and suggest that firm size may influence the degree of sensitivity to such events.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInformation and Cyber Security · Supply Chain Resilience and Risk Management · Auditing, Earnings Management, Governance