Our second paper on systemic nature (and regulatory response to) cyber security risks is now available in a working paper format here: Corbet, Shaen and Gurdgiev, Constantin, Regulatory Cybercrime: A Hacking-Based Mechanism to Regulate and Supervise Corporate Cyber Governance? (January 23, 2017): https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2904749.
Abstract: This paper examines the impact of cybercrime and hacking events on equity market volatility across publicly traded corporations. The volatility influence of these cybercrime events is shown to be dependent on the number of clients exposed across all sectors and the type of the cyber security breach event, with significantly large volatility effects presented for companies who find themselves exposed to cybercrime in the form of hacking. Evidence is presented to suggest that corporations with large data breaches are punished substantially in the form of stock market volatility and significantly reduced abnormal stock returns. Companies with lower levels of market capitalisation are found to be most susceptible. In an environment where corporate data protection should be paramount, minor breaches appear to be relatively unpunished by the stock market. We also show that there is a growing importance in the contagion channel from cyber security breaches to markets volatility. Overall, our results support the proposition that acting in a controlled capacity from within a ring-fenced incentives system, hackers may in fact provide the appropriate mechanism for discovery and deterrence of weak corporate cyber security practices. This mechanism can help alleviate the systemic weaknesses in the existent mechanisms for cyber security oversight and enforcement.