This study investigates the market reaction to distributed denial of service (DoS) attacks on internet firms and the information transfer affecting the market value of non-attacked internet and internet security firms. We use the portfolio approach to examine the market impact of DoS attacks and w e contribute to this stream of literature by using intraday data obtained from the NASTRAQ database. We find evidence for trading volume of firms being adjusted for DoS attacks but mixed results for firm returns.
(ProQuest: ... denotes formulae omitted.)
Computers have become an integral part of our personal and professional lives. Some companies in fact conduct all of their business solely through the use of computers; these firms are referred to as "internet firms." Denial of access to computer networks even for abrief period of time can result in a loss of business and can be devastating to internet firms. Distributed denial of service (DoS) attacks on internet firms encompass all conditions that deliberately prevent users from accessing network resources through which the firms conduct business, including the sale and purchase of products and access to data for various reasons. The attacks may also go beyond shutting down websites; it may damage computer software and systems, and compromise firm and customer data.
During a DoS attack, internet firms lose revenue and also suffer the consequences of exposure to their inherent "vulnerability" with permanent loss of future revenue (some customers shy away from internet businesses after news of a hacker attack). Using e-Bay as an example, Duh et al. (2002) show that concern over online security is a major impediment to the growth of internet businesses. They find that DoS, privacy, and authentication are three major sources of business risk for internet firms.
The impact of DoS attacks on market reaction remains questionable. Several studies have examined the market reaction of such attacks; the findings, however, are inconclusive. Hovav and D'Arcy (2003) and Hovav, Andoh-Baidoo and Dhillion (2007) find that the market does not significantly penalize internet companies that experience a DoS attack. Ettredge and Richardson (2003), Cavusoglu, Mishra and Raghunathan (2004), and Anthony, Choi and Grabski (2006), on the other hand, find a negative market reaction to internet firms that experience web outages. Each of these studies used an event study methodology and daily returns data. Telang and WattaPs (2007) examination of the impact of vulnerability announcements on security software vendors reveals that these companies do suffer a drop in their stock prices.
The purpose of this study is to further examine the relation between DoS attacks and market reaction. We build on the study by Ettredge and Richardson (2003) and examine the effects of the same DoS attacks at an intraday level using data obtained from the NASTRAQ database. Using intraday data further allows us to investigate the extent to which the DoS victim's stock prices are affected and the related length of time. Additionally, we analyze the impact of DoS attacks on other firms in the same industry by way of information transfer. We hypothesize that a DoS victim's stock will trade heavily; this increase in trading volume will become "news" resulting in an increase in trading of other stocks in the same industry. Furthermore, we examine the extent to which a DoS attack affects the stock price of Internet Security Provider (ISP) firms at an intraday level.
Our study advances the current knowledge of literature by using intraday data. This data is advantageous since the NASDAQ market price adjusts rapidly to new information on DoS attacks. The NASTRAQ database, which is intended for academic research, contains trades and quotes for NASDAQ stocks. The data must be extracted into spreadsheets. This poses a major difficulty with the large volume of trading data within the short window of interest in this paper. …