Research finds that when one company experiences a cybersecurity breach, other companies in the same field also become less attractive to investors. However, companies that are open about their cybersecurity risk management fare significantly better than peers that don’t disclose their cybersecurity efforts.
“Previous studies have found evidence of this ‘contagion effect’ in the wake of cybersecurity breaches,” says Robin Pennington, co-author of a paper on the work and an associate professor of accounting in North Carolina State University’s Poole College of Management. “However, to our knowledge, ours is the first to test the issue experimentally. We not only confirmed the contagion effect, but found that there are clear steps companies can take to reduce its impact.”
Specifically, companies would be well advised to implement the voluntary reporting guidelines from the AICPA on disclosing cybersecurity efforts, the authors conclude.
To explore issues pertaining to the contagion effect, researchers conducted a study with 120 nonprofessional investors. In the study, participants were given information about a fictional company, call Company A. Some of…