IDEAS home Printed from https://ideas.repec.org/p/cpb/discus/411.html
   My bibliography  Save this paper

Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms

Author

Listed:
  • Milena Dinkova
  • Ramy El-Dardiry
  • Bastiaan Overvest

    (CPB Netherlands Bureau for Economic Policy Analysis)

Abstract

This CPB discussion paper investigates the cybersecurity of Dutch small and medium-sized enterprises, the security measures they take and the relationship thereof with financial results. Often, small and medium-sized enterprises are identified as a particularly vulnerable group for cyber incidents. However, there is not much academic research focusing on the cyber security costs for those firms. In this paper, we employ representative survey data on ICT use and administrative tax record data on Dutch firms to understand how cybersecurity investments relate to the probability of cyber incidents and firm profitability. This dataset allows us to control for firm size, industry, and IT organization.

Suggested Citation

  • Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2020. "Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms," CPB Discussion Paper 411, CPB Netherlands Bureau for Economic Policy Analysis.
  • Handle: RePEc:cpb:discus:411
    as

    Download full text from publisher

    File URL: https://www.cpb.nl/sites/default/files/omnidownload/CPB-Discussion-Paper-411-Cyber-incidents-security-measures-and-financial-returns.pdf
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Bastiaan Overvest & Bas Straathof, 2015. "What drives cybercrime? Empirical evidence from DDoS attacks," CPB Discussion Paper 306.rdf, CPB Netherlands Bureau for Economic Policy Analysis.
    2. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    3. Eli Amir & Shai Levi & Tsafrir Livne, 2018. "Do firms underreport information on cyber-attacks? Evidence from capital markets," Review of Accounting Studies, Springer, vol. 23(3), pages 1177-1206, September.
    4. Bastiaan Overvest & Bas Straathof, 2015. "What drives cybercrime? Empirical evidence from DDoS attacks," CPB Discussion Paper 306, CPB Netherlands Bureau for Economic Policy Analysis.
    5. Tyler Moore & Richard Clayton & Ross Anderson, 2009. "The Economics of Online Crime," Journal of Economic Perspectives, American Economic Association, vol. 23(3), pages 3-20, Summer.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2020. "Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms," CPB Discussion Paper 411.rdf, CPB Netherlands Bureau for Economic Policy Analysis.
    2. Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2024. "Should firms invest more in cybersecurity?," Small Business Economics, Springer, vol. 63(1), pages 21-50, June.
    3. Chris Florackis & Christodoulos Louca & Roni Michaely & Michael Weber & Itay Goldstein, 2023. "Cybersecurity Risk," The Review of Financial Studies, Society for Financial Studies, vol. 36(1), pages 351-407.
    4. Jing Chen & Elaine Henry & Xi Jiang, 2023. "Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach," Journal of Business Ethics, Springer, vol. 187(1), pages 199-224, September.
    5. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    6. Office of Financial Research (ed.), 2017. "2017 Financial Stability Report," Reports, Office of Financial Research, US Department of the Treasury, number 17-2, May.
    7. Rezaee, Zabihollah & Zhou, Gaoguang & Bu, Luofan (Luther), 2024. "Corporate social irresponsibility and the occurrence of data breaches: A stakeholder management perspective," International Journal of Accounting Information Systems, Elsevier, vol. 53(C).
    8. Cao, Hung & Phan, Hieu V. & Silveri, Sabatino, 2024. "Data breach disclosures and stock price crash risk: Evidence from data breach notification laws," International Review of Financial Analysis, Elsevier, vol. 93(C).
    9. Shuai Chen & Mengmeng Hao & Fangyu Ding & Dong Jiang & Jiping Dong & Shize Zhang & Qiquan Guo & Chundong Gao, 2023. "Exploring the global geography of cybercrime and its driving forces," Palgrave Communications, Palgrave Macmillan, vol. 10(1), pages 1-10, December.
    10. Loic Mar'echal & Alain Mermoud & Dimitri Percia David & Mathias Humbert, 2024. "Measuring the performance of investments in information security startups: An empirical analysis by cybersecurity sectors using Crunchbase data," Papers 2402.04765, arXiv.org, revised Feb 2024.
    11. Crosignani, Matteo & Macchiavelli, Marco & Silva, André F., 2023. "Pirates without borders: The propagation of cyberattacks through firms’ supply chains," Journal of Financial Economics, Elsevier, vol. 147(2), pages 432-448.
    12. Corbet, Shaen & Gurdgiev, Constantin, 2019. "What the hack: Systematic risk contagion from cyber events," International Review of Financial Analysis, Elsevier, vol. 65(C).
    13. Gauguier, Jean-Jacques, 2009. "L’industrialisation de l’Open Source," Economics Thesis from University Paris Dauphine, Paris Dauphine University, number 123456789/4388 edited by Toledano, Joëlle.
    14. Daniel Celeny & Loic Mar'echal & Evgueni Rousselot & Alain Mermoud & Mathias Humbert, 2024. "Prioritizing Investments in Cybersecurity: Empirical Evidence from an Event Study on the Determinants of Cyberattack Costs," Papers 2402.04773, arXiv.org.
    15. Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
    16. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    17. Seo-Young Cho, 2016. "A crime 2.0 - cybercrime, e-talent, and institutions," MAGKS Papers on Economics 201608, Philipps-Universität Marburg, Faculty of Business Administration and Economics, Department of Economics (Volkswirtschaftliche Abteilung).
    18. Sanjeev Goyal & Adrien Vigier, 2014. "Attack, Defence, and Contagion in Networks," Review of Economic Studies, Oxford University Press, vol. 81(4), pages 1518-1542.
    19. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    20. Daniel Celeny & Loic Mar'echal, 2024. "Cyber risk and the cross-section of stock returns," Papers 2402.04775, arXiv.org, revised Mar 2024.

    More about this item

    JEL classification:

    • D22 - Microeconomics - - Production and Organizations - - - Firm Behavior: Empirical Analysis
    • D83 - Microeconomics - - Information, Knowledge, and Uncertainty - - - Search; Learning; Information and Knowledge; Communication; Belief; Unawareness
    • G14 - Financial Economics - - General Financial Markets - - - Information and Market Efficiency; Event Studies; Insider Trading
    • M15 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Business Administration - - - IT Management

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:cpb:discus:411. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: the person in charge (email available below). General contact details of provider: https://edirc.repec.org/data/cpbgvnl.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.