Tuesday, July 26, 2022

Firms time announcements of data breaches to bury the bad news

New research calls for stricter regulations, transparency for consumers

Peer-Reviewed Publication

INSTITUTE FOR OPERATIONS RESEARCH AND THE MANAGEMENT SCIENCES

INFORMS Journal Management Science Study Key Takeaways:

  • New research finds firms strategically announce data breaches when the media is preoccupied so less public attention is drawn to it.
  • This strategy harms consumers because the stock market doesn’t “punish” firms for their error.
  • Strategically timing the announcement of data breaches reduces the median decline in market capitalization loss from $347 million to $85 million.

  

BALTIMORE, MD, July 26, 2022 – New research in the INFORMS journal Management Science finds that firms that have experienced data breaches intentionally stage the timing of such announcements around other significant breaking news as a means of reducing media coverage and minimizing public attention.

“We estimate that strategic timing reduces the median decline in market capitalization loss resulting from a data breach, from $347 million to $85 million,” says Sebastian Schuetz of Florida International University.

The study, “Data Breach Announcements and Stock Market Reactions: A Matter of Timing?” conducted by Schuetz and Jens Foerderer of the Technical University of Munich, finds that this strategy harms consumers because the stock markets do not adequately “punish” firms for their misbehavior. 

The work appears to show that strategic timing is most common in data breaches that are of greatest interest to consumers, such as those that are more severe and involve healthcare data, financial data and credentials. 

“Based on our findings, we recommend lawmakers mandate shorter disclosure deadlines, from the current 30-day deadline to just three days,” says Foerderer. “Strategic timing is harmful for consumers because it undermines the effectiveness of current U.S. data breach legislation: because consumers and investors receive less information about the occurrence of a data breach, less change is being promoted in firms to protect consumers against future security issues.”

 

Link to full study.

 

About INFORMS and Management Science

Management Science is a premier peer-reviewed scholarly journal focused on research using quantitative approaches to study all aspects of management in companies and organizations. It is published by INFORMS, the leading international association for operations research and analytics professionals. More information is available at www.informs.org or @informs


No comments:

Post a Comment