Date of Award


Document Type

Dissertation - Open Access

Degree Type


Degree Name

Doctor of Business Administration (DBA)


Dr. Brian Walkup

Second Advisor

Dr. Nana Amoah

Third Advisor

Dr. Halil Kiymaz


data breach, event study, indirect cost, firm valuation, abnormal returns


The rise and continued growth of electronic commerce has broadened the horizons of many businesses, spurred innovation, and fostered the development of new industries. Along with this growth emerges a new breed of criminal who seeks to compromise and monetize personal data at the expense of both the firm and the individual. Cybercrime has significant impacts to firms. One way to measure the significance of cyber events such as data breaches to firm valuation is through the use of event studies, however the findings of previous event studies in this area have been mixed and are in need of additional research. Additionally, the effect of firm specific actions contained in the breach announcement, as well as the timeliness of the breach notification itself, have yet to be studied. Further, breach announcements are among myriad considerations evaluated by investors and may be less impactful to the firm during periods when investor distraction is high. The current research applied four event study models to data breach announcements over the period 2018-2020, resulting in statistically significant negative cumulative average abnormal returns (CAAR) in a variety of short and moderate term event windows centered on the breach announcement date, most notably the (-5,5) window. A series of cross-sectional regression analyses noted that timely breach announcements were viewed favorably by investors, whereas a firm’s announced response to a breach had no significant impact on CAAR. Investors generally reacted less negatively to breach announcements during periods of high investor distraction, however the results in this area were mixed and are in need of additional scholarly research.