Cyberattacks primarily impact firm value through increased costs rather than sales declines, which points to financial burdens rather than reputational damage. Costs persist beyond the short term, and firms invest in recovery efforts. Over time, reputational concerns have diminished as cyber resilience improves. These findings emphasize the need for strong corporate risk management, focusing on cost recovery, recovery planning, and trust restoration strategies tailored to specific contexts.
"We argue that cyber and other financial shocks cannot be treated as uncorrelated vulnerabilities and policy solutions for cyber vulnerability need to be calibrated for adverse financial conditions."
"Using a novel firm-level measure of cybersecurity, we find that cybersecurity risk increases the probability of bank default. The effect is larger for banks with deposit withdrawal, but less pronounced for banks with liquidity buffer. Our results are robust to using an instrumental variable approach and to using alternative measures."
The increasing complexity of data protection laws, rising compliance costs, and evolving cyber threats make data security a vital business concern.
"... businesses have basic cybersecurity responsibilities and fundamental duties to operate securely in a digital society."
"Bank employees are more susceptible to being phished than professional services firm employees, but within the bank, the employees with professional certificates are less susceptible to phishing attacks than other bank employees. Also, employees with self-reported responsibility for cybersecurity are less likely to be phished."
"Cyber attacks can impair banks' operations and precipitate bank runs. When digital infrastructure is shared, banks defend themselves by investing in cybersecurity but can free-ride on the security measures of others. Ex ante free-riding by banks interacts with the ex post coordination frictions underpinning bank runs."