Journal of Information Technology Services (한국IT서비스학회지)

Korea Society of IT Services (한국IT서비스학회)
권호 표지
DOI QR코드

DOI QR Code

How does the Stock Market Reacts to Information Security Investment of Firms in Korea : An Exploratory Study

기업의 정보보안 투자에 시장이 어떻게 반응하는지에 대한 탐색적 연구

  • Received : 2017.10.18
  • Accepted : 2018.03.23
  • Published : 2018.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, many South Korean firms have suffered financial losses and damaged corporate images from the data breaches. Accordingly, a firm should manage their IT assets securely through an information security investment. However, the difficulty of measuring the return on an information security investment is one of the critical obstacles for firms in making such investment decisions. There have been a number of studies on the effect of IT investment so far, but there are few researches on information security investment. In this paper, based on a sample of 76 investment announcements of firms whose stocks are publicly traded in the South Korea's stock market between 2001 and 2017, we examines the market reaction to information security investment by using event study methodology. The results of the main effects indicate that self-developed is significantly related to cumulative average abnormal returns (CAARs), while no significant effect was observed for discloser, investment characteristics and firm characteristics. In addition, we find that the market reacts more favorably to the news announced by the subject of investment than the vendor, in case of investments with commercial exploitation. One of main contributions in our study is that it has revealed the factors affecting the market reaction to announcement of information security investment. It is also expected that, in practice, corporate executives will be able to help make an information security investment decision.

Keywords

References

  1. Binder, J., "The Event Study Methodology Since 1969", Review of Quantitative Finance and Accounting, Vol.11, No.2, 1998, 111-137. https://doi.org/10.1023/A:1008295500105
  2. Bose, I. and A.C.M. Leung, "The Impact of Adoption of Identity Theft Countermeasures on Firm Value", Decision Support Systems, Vol.55, No.3, 2013, 753-763. https://doi.org/10.1016/j.dss.2013.03.001
  3. Bose, I. and R. Pal, "Do Green Supply Chain Management Initiatives Impact Stock Prices of Firms?", Decision Support Systems, Vol. 52, No.3, 2012, 624-634. https://doi.org/10.1016/j.dss.2011.10.020
  4. Brown, S.J. and J.B. Warner, "Using Daily Stock Returns : The Case of Event Studies", Journal of Financial Economics, Vol.14, No.1, 1985, 3-31. https://doi.org/10.1016/0304-405X(85)90042-X
  5. Campbell, K., L.A. Gordon, M.P. Loeb, and L. Zhou, "The Economic Cost of Publicly Announced Information Security Breaches : Empirical Evidence from the Stock Market", Journal of Computer Security, Vol.11, No.3, 2003, 431-448. https://doi.org/10.3233/JCS-2003-11308
  6. Cavusoglu, H., B. Mishra, and S. Raghunathan, "The Effect of Internet Security Breach Announcements on Market Value : Capital Market Reactions for Breached Firms and Internet Security Developers", International Journal of Electronic Commerce, Vol.9, No. 1, 2004, 70-104.
  7. Chai, S., M. Kim, and H.R. Rao, "Firms' Information Security Investment Decisions : Stock Market Evidence of Investors' Behavior", Decision Support Systems, Vol.50, No.4, 2011, 651-661. https://doi.org/10.1016/j.dss.2010.08.017
  8. Chatterjee, D., C. Pacini, and V. Sambamurthy, "The Shareholder Wealth and Trading Volume Effects of IT Infrastructure Investments", Journal of Management Information Systems, Vol.19, No.2, 2002, 7-43.
  9. Choi, B.C., S.S Kim, and Z. Jiang, "Influence of Firm's Recovery Endeavors upon Privacy Breach on Online Customer Behavior", Journal of Management Information Systems, Vol.33, No.3, 2016, 904-933. https://doi.org/10.1080/07421222.2015.1138375
  10. Dehning, B., V.J. Richardson, and R.W. Zmud, "The Value Relevance of Announcements of Transformational Information Technology Investments", MIS Quarterly, Vol.27, No.4, 2003, 637-656. https://doi.org/10.2307/30036551
  11. Digitaltimes, "Shinhan Bank 'Security Keypad Solution' ", 2015. Available at http://www.dt.co.kr/contents.html?article_no=20150127 02100558795001(Accessed October 5. 2017).
  12. Economicreview, "Shinhan 'App Card' VISA․ MASTER Information Security", 2015. Available at http://www.econovill.com/news/article View.html?idxno=239733(Accessed October 5. 2017).
  13. Fama, E.F., "The Behavior of Sock Market Price", Journal of Business, Vol.38, No.1, 1965, 33- 105.
  14. Fama, E.F., L. Fisher, M.C. Jensen, and R. Roll, "The Adjustment of Stock Prices to New Information", International Economic Review, Vol.10, No.1, 1969, 1-21. https://doi.org/10.2307/2525569
  15. Im, K.S., K.E. Dow, and V. Grover, "A Reexamination of IT Investment and the Market Value of the Firm-An Event Study Methodology", Information Systems Research, Vol.12, No.1, 2001, 103-117. https://doi.org/10.1287/isre.12.1.103.9718
  16. Jang, S.S. and S.C. Kim, "An Empirical Study on the Effects of Business Performance by Information Security Management System (ISMS)", Convergence Security Journal, Vol. 15, No.3, 2015, 107-114. (장상수, 김상춘, "정보보호 관리체계 (ISMS)가 기업성과에 미치는 영향에 관한 실증적 연구", 융합보안논문지, 제15권, 제3호, 2015, 107-114.)
  17. Jeong, B.K. and A.C. Stylianou, "Market Reaction to Application Service Provider (ASP) Adoption : An Empirical Investigation", Information & Management, Vol.47, No.3, 2010, 176-187. https://doi.org/10.1016/j.im.2010.01.007
  18. Kim, C.W. and K.W. Kim, "Measuring Security Price Performance in Event Studies", Korean Journal of Financial Studies, Vol.20, No.1, 1997, 301-327. (김찬웅, 김경원, "사건연구에서의 주식성과 측정", 한국증권학회지, 제20권, 제1호, 1997, 301-327.)
  19. Kim, K.K., H.K. Shin, S.S. Park, and B.S Kim, "A Study on the Effects of the Information Asset Protection Performance on the Organization Performance : Management Activity and Control Activity", Journal of Information Management, Vol.40, No.3, 2009, 61- 77. (김경규, 신호경, 박성식, 김범수, "정보자산보호 성과가 조직성과에 미치는 영향에 관한 연구 : 관리활동과 통제활동을 중심으로", 정보관리연구, 제40권, 3호, 2009, 61-77.) https://doi.org/10.1633/JIM.2009.40.3.061
  20. KISA, "2016 Survey on Information Security (Business)", 2017. (한국인터넷진흥원, "2016년 정보보호실태조사(기업부문)", 2017.)
  21. Kwon, Y.O. and B.D. Kim, "The Effect of Information Security Breach and Security Investment Announcement on the Market Value of Korean Firms", Information System Review, Vol.9, No.1, 2007, 105-120. (권영옥, 김병도, "정보보안 사고와 사고방지 관련 투자가 기업가치에 미치는 영향", Information System Review, 제9권, 제1호, 2007, 105-120.)
  22. Oh, B.S., J.Y. Park, S.H. Jung, and K.H. Choi, "Effect of Korean Service Quality Awards on the Market Value by using Event Study Methodology", Korea Management Science Review, Vol.27, No.3, 2010, 161-196. (오병섭, 박지영, 정승환, 최강화, "한국의 서비스 품질상 수상이 기업가치에 미치는 영향 : 사건연구 방법론적 접근", 경영과학, 제27권, 제3호, 2010, 161-196.)
  23. Oh, W., J.W. Kim, and V.J. Richardson, "The Moderating Effect of Context on the Market Reaction to IT Investments", Journal of Information Systems, Vol.20, No.1, 2006, 19-44. https://doi.org/10.2308/jis.2006.20.1.19
  24. Park, J.Y., W.J. Jung, and B.S. Kim, "The Effect of Information Security Certification Announcement on the Market Value of Firms", Journal of Information Technology Services, Vol.15, No.3, 2016, 51-69. (박재영, 정우진, 김범수, "기업의 정보보호 인증이 기업가치에 미치는 영향", 한국IT서비스학회지, 제15권, 제3호, 2016, 51-69.)
  25. Parker, D.B., "The Strategic Values of Information Security in Business", Computers & Security, Vol.16, No.7, 1997, 572-582. https://doi.org/10.1016/S0167-4048(97)80793-6
  26. Roztocki, N. and H.R. Weistroffer, "Event Studies in Information Systems Research : A Review", Proceedings of the Fourteenth Americas Conference on Information Systems, 2008.
  27. Shin, I.S., W.C. Jang, and H.Y. Park, "Information Security Investment and Security Breach : Empirical Study on the Reverse Causality", Journal of the Korea Institute of Information Security & Cryptology, Vol.23, No.6, 2013, 1207-1217. (신일순, 장원창, 박희영, "정보보호 투자와 침해사고의 인과관계에 대한 실증분석", 정보보호학회논문지, 제23권, 제6호, 2013, 1207-1217.) https://doi.org/10.13089/JKIISC.2013.23.6.1207
  28. Son, I., D. Lee, J.N. Lee, and Y.B. Chang, "Market Perception on Cloud Computing Initiatives in Organizations : An Extended Resource- based View", Information & Management, Vol.51, No.6, 2014, 653-669. https://doi.org/10.1016/j.im.2014.05.006