Diving into the financial landscape, this study determines the direct impact of information security breaches on an organization’s stock market value. We aim to provide a clear benchmark for understanding the broader economic consequences of such incidents.

Design/Methodology/approach

We used an event studies based approach where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time.

Findings

Based on the results, we argue that although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.

Research limitations/implications

One of the main limitations of this study was the quantity and quality of published data on security breaches, as organizations tend not to share this information.

Practical implications

One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.

Originality/value

We envisage that as more breach event data become more widely available due to compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.