Full metadata record
DC FieldValueLanguage
dc.contributorFaculty of Businessen_US
dc.creatorFu, Jiaojiao-
dc.identifier.urihttps://theses.lib.polyu.edu.hk/handle/200/12172-
dc.languageEnglishen_US
dc.publisherHong Kong Polytechnic Universityen_US
dc.rightsAll rights reserveden_US
dc.titleThe effect of data breaches in the financial service industry : an empirical studyen_US
dcterms.abstractA data breach is an incident where information is stolen from a system without the owner's authorization. Both small companies and large organizations suffer from data breach incidents. Stolen data usually involves sensitive, proprietary, or confidential information such as credit card numbers, trade secrets, customer-specific data, or national security matters. The effects post a data breach can come in the form of damage to the target company's firm value as well as reputation due to the "betrayal of trust" felt by the customer. Victims and customers usually will also suffer financial or monetary losses, as financial records can be part of the information stolen.en_US
dcterms.abstractEconomic developments and technological improvements have driven modern financial regulation during the last three decades. Banks and financial service institutions have progressed to making the global markets more competitive, and currently, they work more efficiently for banking and financial services customers. Across the last two decades of digitization and data-rization, the finance sector has increasingly combined its services with related technologies, including online banking, mobile banking, e-financial services, e-credit checking, e-Insurance, big data and artificial intelligence, initial coin offerings ICOs, distributed ledgers and blockchain, smart contracts, regulatory technology ('RegTech'), and digital identity, in a new era of FinTech.en_US
dcterms.abstractThe result of the advanced IT systems and devices in the financial service industry is that cybersecurity and data breach risks are now evolving into one of the major threats to the financial stability and financial security of banks and financial services across the globe. Furthermore, the new advancements of FinTech creative disruption and the cyber risks threaten the already weakened traditional banking and financial service models. The models depend on customer loyalty to upkeep the existing basic services. However, this loyalty is currently facing increased risks, partially caused by the technology challenges and improvements of new FinTech models of services.en_US
dcterms.abstractThe top motivation for cyber-attacks and threats are financial gain or money robbery. Cyber attackers or hackers use malware to obtain money from customer bank accounts. Other motivations for cybercrime may include sabotage or curiosity. There was an estimated cost of more than 2 trillion United States (US) dollars by 2019 on fraud or cyber threats and data breaches. The frequency and severity of cybercrime and cyber-attacks are increasing but can be controlled by further investment in system protection and new FinTech secure and safety technology.en_US
dcterms.abstractData breaches in the last two decades received significant attention in the financial press but little attention in the academic literature. Analysts and investors have little guidance on the effects of breaches on security-related financial losses. Additionally, when analysts, managers, and investors hear about a data breach, they have little guidance on the potential impact of the breach on the firm stock. Furthermore, the stock prices of different industry firms have different effects after cyber threats and data breach events. In this research study, hypothesis tests results shown that the post data breach incident firm value is negative for financial service firms in long term.en_US
dcterms.abstractData breach legislation differs in different countries around the world. Many countries still do not require firms to notify authorities of data breach incidents. However, in North America and France, firms are obliged to notify affected individuals of a data breach under certain conditions. In the US, listed firms need to disclose the data breach incidents, cyber-attack events, and financial losses estimated in financial reports as well as in public announcements.en_US
dcterms.abstractIn the United States, 47 out of 52 states laws and some sector-specific federal laws already require organizations suffering a data breach to disclose the incident and notify all customers if their data were exposed. Financial firms need to implement new skilled legal advisory personnel and make the correct disclosure and announcements post the data breach incidents. The disclosure and announcement need to meet legal requirements, comply with the law, meet the requirements of the board management, and be responsible to customers of the financial service firm. The skilled legal advisor or cyber security legal management officer needs to be in a senior position, and the trend is to position the law officer in the board room.en_US
dcterms.abstractBased on the above, how major listed firms are affected in earnings and profits by cyber threats? How have the listed financial companies in the US disclosed the cyber security threats or data breach threats in their financial reports? How will firms handle a change of management or respond to the data breach incident in the board room to implement more security control? Finally, if the firms enhance corporate governance in cyber security control by employing an IT officer and implementing a legal background board room officer, will the firm value increase after the data breach incident?en_US
dcterms.abstractThus this research developed two hypotheses and performed additional empirical tests to examine 1) if the financial service firm value is impacted after data breach events, 2) how managers respond after data breach events, and whether the firm will add an IT officer to reinforce cyber security control and enhance corporate governance, and 3) finally, will employing an IT officer and legal background officer affect firm value.en_US
dcterms.abstractData were collected from databases of the global financial news channels, 3rd party analytical channels, companies' public online reports, Securities and Exchange Commission (SEC) reports, listed companies' earnings and profit reports, and companies' own announcements. These were analyzed to evaluate cyber threats and data breach losses of firms among the top-listed US financial institutions.en_US
dcterms.abstractThis study analyzes current top-listed financial institutions during the recent nine years time frame (2010-2018) to test the hypotheses developed. The sample construction begins with the Audit Analytics database Cybersecurity Module. The sample is limited to financial service companies only (SIC 6000-6700). The data is then merged with the S&P Capital IQ COMPUSTAT database and the Institutional Shareholder Services Director and Governance database. After eliminating observations with necessary variables missing, there are 88 firm-breaches observations left, with 58 unique firms. The sample period is year 2010 to year 2018 to avoid possible confounding factors from major financial and economic events such as the financial crisis and the coronavirus pandemic. The research study also designed and developed methods to measure data breaches and firms' cyber security awareness after the data breach incident.en_US
dcterms.abstractIn conclusion, the empirical results have shown that in US financial service industry, the listed firm value was negatively impacted after data breaches and cyber threat events disclosure, firms' cyber security awareness increased, and firms responded after data breach events by adding an IT officer and reinforce corporate governance in cyber security and legal management by adding a legal skilled background member in the board room. Finally, additional tests have further shown that the firm value will be positively affected after firms increase cyber security awareness, employ an IT security control manager, and enhance corporate governance.en_US
dcterms.extent95 pages : color illustrationsen_US
dcterms.isPartOfPolyU Electronic Thesesen_US
dcterms.issued2022en_US
dcterms.educationalLevelD.B.A.en_US
dcterms.educationalLevelAll Doctorateen_US
dcterms.LCSHBusiness -- Data processing -- Security measuresen_US
dcterms.LCSHComputer networks -- Security measuresen_US
dcterms.LCSHCrisis managementen_US
dcterms.LCSHInformation resources managementen_US
dcterms.LCSHHong Kong Polytechnic University -- Dissertationsen_US
dcterms.accessRightsrestricted accessen_US

Files in This Item:
File Description SizeFormat 
6620.pdfFor All Users (off-campus access for PolyU Staff & Students only)1.96 MBAdobe PDFView/Open


Copyright Undertaking

As a bona fide Library user, I declare that:

  1. I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
  2. I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
  3. I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.

By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.

Show simple item record

Please use this identifier to cite or link to this item: https://theses.lib.polyu.edu.hk/handle/200/12172