The impact of GDPR infringement fines on the market value of firms
Published: 2022-09-07
Issue: 1
Volume: 31
Page: 51-64
ISSN: 2056-4961
Container-title: Information & Computer Security
Language: en
Short-container-title: ICS
Author: Ford Adrian, Al-Nemrat Ameer, Ghorashi Seyed Ali, Davidson Julia
Abstract
Purpose
This paper aims to investigate the impact of General Data Protection Regulation (GDPR) infringement fine announcements on the market value of mostly European publicly listed companies, with a view to reinforcing the importance of data privacy compliance and thereby informing cyber security investment strategies for organisations.
Design/methodology/approach
Previous studies have shown varying degrees of evidence of a negative impact of data breach announcements on the share price of publicly listed companies. Following on from this research, further studies have assessed the economic impact of the introduction of legislation in this area to encourage firms to invest in cyber security and protect the privacy of data subjects. Existing research has been predominantly US-centric.
Findings
Using event study techniques, a data set of 25 GDPR fine announcement events was analysed, and statistically significant cumulative abnormal returns of around 1% on average up to three days after the event were identified. In almost all cases, this negative economic impact on market value far outweighed the monetary value of the fine itself, and relatively minor fines could result in major market valuation losses for companies, even those having large market capitalisations.
Originality/value
This research would be of benefit to business management, practitioners of cyber security, investors and shareholders as well as researchers in cyber security or related fields (pointers to future research are given). Data protection authorities may also find this work of interest.
Subject
Management of Technology and Innovation, Information Systems and Management, Computer Networks and Communications, Information Systems, Software, Management Information Systems