An Event Study Analysis of the Economic Impact of IT Operational Risk and its Subcategories

0

Author Information : Michel Benaroch (Whitman School of Management, Syracuse University)
Anna Chernobai (Whitman School of Management, Syracuse University)
James Goldstein (Canisuis College)

Year of Publication : Journal of the Association for Information Systems (2011)

Summary of Findings : Companies should care about all types of operational IT failures, not just cyber security breaches. Data from the past 25 years reveals that firms experiencing operational IT failures suffer, on average, a 2% drop in their stock prices, especially when the failures involve loss of availability or misoperation of IT systems and data assets.

Research Questions : 1. How damaging to the firm are operational IT failures?

2. Are all types of operational IT failures equally damaging?

What we know : Most researchers and practitioners have focused on malicious data breaches and cybersecurity attacks, even though these are only one type of operational IT failure.

Novel Findings : Operational IT failures of all kinds have a negative wealth effect on firms – experiencing firms suffer about a two percent drop in equity value around when the failures come to light.

Operational IT failures compromising the availability and integrity of IT systems are more damaging than failures compromising the confidentiality of data assets.

Implications for Practice : Operational IT failures present a major hazard, and firms must understand and manage risk factors giving rise to these failures.

Firms should pay greater attention to failures that compromise the availability and integrity of IT systems.

Implications on Research: Available data on, and methods for studying operational IT failures and their root causes are limited.

Full Citations : James Goldstein, Anna Chernobai, and Michel Benaroch, “An Event Study Analysis of the Economic Impact of IT Operational Risk and its Subcategories,” Journal of AIS, Vol. 12, No. 9, pp.606-631, September 2011.

Abstract : Our understanding of operational IT failures is limited despite their growing number and increasing negative impacts on firms. We suggest that operational IT failures are rooted in IT “resource weaknesses,” or flaws in the way data and IT assets are implemented and managed. We distinguish two categories of operational IT failures: (1) data failures involving disclosure, misuse, or destruction of data assets; and (2) functional failures involving loss of availability or mis-operation of functional IT assets responsible for the handling of data assets. Data-related IT failures get more attention, perhaps because of the publicity given to malicious Cybersecurity incidents. By contrast, little is known about the impact of function-related IT failures. We examined how equity markets react to the announcement of operational IT failures that occurred in U.S. financial service firms over a 25-year period. We find that all IT failures, on average, are followed by over a 2% drop in the equity value of firms experiencing them (figure 1). We also find that, surprisingly, function-related failures have a substantially larger negative wealth effect than data-related failures.

Click here to access Full Paper

Model for operational IT failure and financial risk

Average Cumulative Abnormal Returns measured around IT failure announcements (show a 2% drop that persists for at least 10 days)

Michel Benaroch

Michel Benaroch

Professor Benaroch is associate dean for research and professor of MIS at the Whitman School of Management. Professor Benaroch’s research addresses issues concerning the economics of IT investment, IT investment risk, ontology-centered knowledge representation, and artificial intelligence applications in finance. He has published extensively in information systems and computer science journals, including MIS Quarterly, Information Systems Research, Journal of MIS, IEEE Transaction on Software Engineering, International Journal of Accounting Information Systems, and International Journal of Human-Computer Interaction. He was ranked #26 (out of top-100 researchers worldwide) who published in top Information Systems journals (MISQ, ISR, JMIS, and JAIS) during 1999-2011.
Michel Benaroch
Share.

Leave A Reply