Intraday Study of the Market Reaction to Distributed Denial of Service (DOS) Attacks on Internet Firms

Article excerpt


Computers have become an integral part of our personal and professional lives. Some companies in fact conduct all of their business solely through the use of computers; these firms are referred to as "internet firms." Denial of access to computer networks even for a brief period of time can result in a loss of business and can be devastating to internet firms. Distributed denial of service (DoS) attacks on internet firms encompass all conditions that deliberately prevent users from accessing network resources through which the firms conduct business, including the sale and purchase of products and access to data for various reasons. The attacks may also go beyond shutting down websites; it may damage computer software and systems, and compromise firm and customer data.

During a DoS attack, internet firms lose revenue and also suffer the consequences of exposure to their inherent "vulnerability" with permanent loss of future revenue (some customers shy away from internet businesses after news of a hacker attack). Using e-Bay as an example, Duh et al. (2002) show that concern over online security is a major impediment to the growth of internet businesses. They find that DoS, privacy, and authentication are three major sources of business risk for internet firms.

The impact of DoS attacks on market reaction remains questionable. Several studies have examined the market reaction of such attacks; the findings, however, are inconclusive. Hovav and D'Arcy (2003) and Hovav, Andoh-Baidoo and Dhillion (2007) find that the market does not significantly penalize internet companies that experience a DoS attack. Ettredge and Richardson (2003), Cavusoglu, Mishra and Raghunathan (2004), and Anthony, Choi and Grabski (2006), on the other hand, find a negative market reaction to internet firms that experience web outages. Each of these studies used an event study methodology and daily returns data. Telang and Wattal's (2007) examination of the impact of vulnerability announcements on security software vendors reveals that these companies do suffer a drop in their stock prices.

The purpose of this study is to further examine the relation between DoS attacks and market reaction. We build on the study by Ettredge and Richardson (2003) and examine the effects of the same DoS attacks at an intraday level using data obtained from the NASTRAQ database. Using intraday data further allows us to investigate the extent to which the DoS victim's stock prices are affected and the related length of time. Additionally, we analyze the impact of DoS attacks on other firms in the same industry by way of information transfer. We hypothesize that a DoS victim's stock will trade heavily; this increase in trading volume will become "news" resulting in an increase in trading of other stocks in the same industry. Furthermore, we examine the extent to which a DoS attack affects the stock price of Internet Security Provider (ISP) firms at an intraday level.

Our study advances the current knowledge of literature by using intraday data. This data is advantageous since the NASDAQ market price adjusts rapidly to new information on DoS attacks. The NASTRAQ database, which is intended for academic research, contains trades and quotes for NASDAQ stocks. The data must be extracted into spreadsheets. This poses a major difficulty with the large volume of trading data within the short window of interest in this paper. The seminal paper by Ball and Brown (1968) shows that the market does not adjust fully to new information and leads to a post announcement drift. Therefore, we examine the market adjustment to a DoS attack, on an intraday basis as trading occurs, and the cost of security in terms of price adjustment to firms in the industry that have not been attacked. Another significant contribution of this research will be the study of information transfer based on trading volume.


The rational pricing and market value of internet firms has been studied extensively. …


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.