資訊安全事件與公司長短期績效-以臺灣資訊 安全事件為例

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：28

、訪客IP：3.144.20.230

姓名

莊長晉(Chang-Chin Chuang) 查詢紙本館藏

畢業系所

會計研究所

論文名稱

資訊安全事件與公司長短期績效-以臺灣資訊安全事件為例
(The Impact of Information Security Breaches on Short-term and Long-term Firm Performance-Evidence from Information Security Breaches in Taiwan)

相關論文

★ 企業社會責任與會計績效指標之關聯性：考量網頁呈現效果	★ 企業社會責任揭露與網頁呈現對企業財務績效之關聯性
★ 企業社會責任與投資人評價之關聯性: 考量網頁呈現效果	★ 我國企業之資訊安全事件探討－以法令面分析
★ 採用iXBRL對散戶持股比率與交易量之影響	★ 首次發行代幣公司網站呈現方法與交易量之研究
★ iXBRL是否能降低資訊不對稱？	★ 財務報表API之可行性
★ 功能型與證券型代幣發行白皮書相似度對發行成功與否之影響	★ 首次代幣發行白皮書之主題分析對首次代幣發行之影響
★ 資訊安全之決定因素-考量家族企業與董事會背景	★ 首次代幣發行白皮書可讀性對募資成功與否之影響
★ 網站資訊揭露對首次代幣發行之影響	★ 公司申請法人機構識別碼對股東權益資金成本之影響
★ COVID-19對於實質盈餘管理之影響	★ COVID-19對資產減損之影響

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

資訊科技的進步與發展改變了企業的營運模式也創造了企業的新獲利模式。然而，企業也面臨了保護資訊安全的威脅與挑戰。2016年我國銀行業ATM盜領事件以及2017年勒索病毒的攻擊，震驚全臺灣。駭客入侵、個資外洩頻繁登上媒體版面，也讓臺灣企業及政府不得不開始重視資訊安全。本研究蒐集2006年至2017年臺灣資訊安全事件，分析其對臺灣上市櫃企業市場績效及會計績效之影響。本研究實證結果發現：在市場績效方面，考量媒體報導的因素後，有報導或報導長度大於三天且發生資訊安全事件的公司相對於沒有發生資訊安全事件的配對公司短期累積異常報酬顯著較低。而在會計績效方面，發生資訊安全事件的公司相對於沒有發生資訊安全事件的配對公司當年以及次年資產報酬率(ROA)顯著較低。因此，本研究認為資訊安全事件確實為臺灣企業產生負面之影響，本研究期望臺灣企業能正視資訊安全的重要性，投入資訊安全維護。

摘要(英)

The advance and development of information technology has changed the business model of the company and also created a new profit model for the company. However, companies also face the threat and challenge of protecting information security. In 2016, the bank’s ATM theft in Taiwan and the Ransomware Attacks in 2017 shocked Taiwan. As we saw considerable news about Hacker invasions and data losses recently, Taiwanese companies and governments have started paying attention to information security. This study collects information security breaches in Taiwan from 2006 to 2017, and analyzes its impact on market performance and accounting performance of Taiwan listed companies. The empirical results of this study show that: in terms of market performance, considering the factor of media coverage, if the information security breaches were reported or reported more than three days, the company′s short-term cumulative abnormal returns relative to those without information security incidents are significantly lower. In terms of accounting performance, the return on assets (ROA) of the companies that have information security breaches are significantly lower in the current and following year than the companies that do not have information security breaches. Therefore, this study believes that information security breaches do have a negative impact on Taiwanese companies. This study hopes that Taiwanese companies can put emphasis on the importance of information security and invest in information security maintenance.

關鍵字(中)

★ 資訊安全
★ 事件研究法
★ 市場績效
★ 會計績效

關鍵字(英)

★ information security
★ event study
★ market performance
★ accounting performance

論文目次

中文摘要………………....…………………………………………………………………..i
英文摘要………………………………………………………………………….………....ii
壹、緒論 1
貳、文獻回顧與假說發展 6
2-1 資訊科技與資訊安全 6
2-2 市場績效與資訊安全事件 7
2-3 會計績效與資訊安全事件 11
參、研究設計 13
3-1研究期間、樣本選取與資料來源 13
3-2研究模型與主要變數 17
肆、實證結果與分析 22
4-1敘述性統計與相關係數 22
4-2迴歸分析結果 25
4-3穩健性測試 30
伍、研究結論與建議 33
參考文獻………………………………………………………………………….……...…37
附錄…………………………………………………………………………….….………..43

參考文獻

李震華、沈怡華、翁偉修、高昶易、陳凱迪、董奕君、劉家委與謝耀方，2017，全球資訊安全產業發展趨勢研究，資策會產業情報研究所。
沈中華與李建然，2000，事件研究法：財務與會計實證研究必備，華泰文化。
陳立昕，2017，資訊安全事件對股東財富之影響，碩士論文，中國文化大學財務金融學系。
陳振楠、林永修與王瑞祥，2013，資訊安全與法律特訓教材，碁峰出版。
潘天佑，2012，資訊安全概論與實務，第三版，碁峰出版。
蕭伯毅，2014，資訊安全事件之市場反應，碩士論文，國立東華大學會計與財務碩士學位學程。
Acquisti, A., Friedman, A., & Telang, R. 2006. Is there a cost to privacy breaches? An event study. ICIS 2006 Proceedings：94.
Arcuri, M. C., Brogi, M., & Gandolfi, G. 2014. The effect of information security breaches on stock returns: Is the cyber crime a threat to firms? In European Financial Management Meeting.
Aytes, K., Byers, S., & Santhanakrishnan, M. 2006. The Economic Impact of Information Security Breaches: Firm Value and Intra-industry Effects. AMCIS 2006 Proceedings.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. 2010. Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3)：523-548.
Campbell, K., Gordon, L. A., Loeb, M. P., Zhou, L. 2003. The economic cost of publicly announced information security breaches: empirical evidence from the stock market. Journal of Computer Security, 11(3)：431-448.
Cardenas, J., Coronado, A., Donald, A., Parra, F., & Mahmood, M. A. 2012. The economic impact of security breaches on publicly traded corporations: An empirical investigation. AMCIS 2012 Proceedings. Paper 7.
Cavusoglu, H., Mishra, B., Raghunathan, S. 2004. The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1)：70-104.
Chai, S., Kim, M., & Rao, H. R. 2011. Firms′ information security investment decisions: Stock market evidence of investors′ behavior. Decision Support Systems, 50(4)：651-661.
Coronado, A. S. 2012. Market reactions to publicly announced privacy and security breaches suffered by companies listed on the United States stock exchanges: A comparative empirical investigation. The University of Texas at El Paso. Retrieved from https://search.proquest.com/docview/1294260263?accountid=12690
Crews, C. W., & Oberwetter, B. 2006. Preventing Identity Theft and Data Security Breaches: The Problem With Regulation. Retrieved from http://www.cei.org/pdf/5316.pdf
Das, S., Mukhopadhyay, A., & Anand, M. 2012. Stock market response to information security breach: A study using firm and attack characteristics. Journal of Information Privacy and Security, 8(4), 27-55.
Doherty, N. F., & Fulford, H. 2005. Do information security policies reduce the incidence of security breaches: an exploratory analysis. Information Resources Management Journal, 18(4)：21.
Fama, E. F., Fisher, L., Jensen, M. C., & Roll, R. 1969. The adjustment of stock prices to new information. International Economic Review, 10(1)：1-21.
Garg, A., Curtis, J., & Halper, H. 2003. Quantifying the financial impact of IT security breaches. Information Management & Computer Security, 11(2)：74-83.
Gatzlaff, K. M., & McCullough, K. A. 2010. The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13(1)：61-83.
Goel, S.,Shawky, H. A. 2009. Estimating the market impact of security breach announcements on firm values. Information & Management, 46(7)：404-410.
Gordon, L. A., Loeb, M. P., & Zhou, L. 2011. The impact of information security breaches: Has there been a downward shift in costs?. Journal of Computer Security, 19(1)：33-56.
Hovav, A., & D′Arcy, J. 2004. The impact of virus attack announcements on the market value of firms. Information Systems Security, 13(3)：32-40.
Hovav, A., Han, J., & Kim, J. 2017. Market Reaction to Security Breach Announcements: Evidence from South Korea. ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 48(1)：11-52.
Hsu, C., Wang, T., & Lu, A. 2016. The Impact of ISO 27001 Certification on Firm Performance. In System Sciences (HICSS), 2016 49th Hawaii International Conference.
Hu, Q., Dinev, T., Hart, P., & Cooke, D. 2012. Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4)：615-660.
Ishiguro, M., Tanaka, H., Matsuura, K., & Murase, I. 2006. The effect of information security incidents on corporate values in the Japanese stock market. In International Workshop on the Economics of Securing the Information Infrastructure (WESII).
Jensen, M. C., & Meckling, W. H. 1976. Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Economics, 3(4)：305-360.
Kannan, K., Rees, J., Sridhar, S. 2007. Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1)： 69-91.
Keats, B. W., & Hitt, M. A. 1988. A causal model of linkages among environmental dimensions, macro organizational characteristics, and performance. Academy of Management Journal, 31(3)：570-598.
Ko, M., & Dorantes, C. 2006. The impact of information security breaches on financial performance of the breached firms: an empirical investigation. Journal of Information Technology Management, 17(2)：13-22.
Malhotra, A., & Kubowicz Malhotra, C. 2011. Evaluating customer information breaches as service failures: An event study approach. Journal of Service Research, 14(1)：44-59.
Mithas, S., Tafti, A., Bardhan, I., & Goh, J. M. 2012. Information technology and firm profitability: mechanisms and empirical evidence. MIS Quarterly：205-224.
Modi, S. B., Wiles, M. A., & Mishra, S. 2015. Shareholder value implications of service failures in triads: The case of customer information security breaches. Journal of Operations Management, 35：21-39.
Morse, E. A., Raval, V., & Wingender Jr, J. R. 2011. Market price effects of data security breaches. Information Security Journal: A Global Perspective, 20(6)：263-273.
Paul Bischoff, 2017, How data breaches affect stock market share prices, Comparitech. Retrieved from https://www.comparitech.com/blog/information-security/data-breach-share-price/#gref
Pirounias, S., Mermigas, D., & Patsakis, C. 2014. The relation between information security events and firm market value, empirical evidence on recent disclosures: An extension of the GLZ study. Journal of Information Security and Applications, 19(4-5)：257-271.
Ponemon Institute, 2016, 2016 Cost of Data Breach Study: Global Analysis, Ponemon Institute LLC.
Ponemon Institute, 2017, 2017 Cost of Data Breach Study: Global Overview, Ponemon Institute LLC.
Ponemon Institute, 2017, The Impact of Data Breaches on Reputation & Share Value, Ponemon Institute LLC.
Ranganathan, C., & Brown, C. V. 2006. ERP investments and the market value of firms: Toward an understanding of influential ERP project variables. Information Systems Research, 17(2)：145-161.
Romanosky, S., Telang, R., & Acquisti, A. 2011. Do data breach disclosure laws reduce identity theft?. Journal of Policy Analysis and Management, 30(2)：256-286.
Rosenbaum, P. R., & Rubin, D. B. 1983. The central role of the propensity score in observational studies for causal effects. Biometrika, 70(1)：41-55.
Son, I., Lee, D., Lee, J. N., & Chang, Y. B. 2011. Understanding The Impact Of IT Service Innovation On Firm Performance: The Case Of Cloud Computing. In Proceedings of the PACIS.
Sonnenschein, R., Loske, A., & Buxmann, P. 2017. The Role of Top Managers’ IT Security Awareness in Organizational IT Security Management. Retrieved from https://aisel.aisnet.org/icis2017/Security/Presentations/13/
Spanos, G., & Angelis, L. 2016. The impact of information security events to the stock market: A systematic literature review. Computers & Security, 58：216-229.
Yayla, A. A., & Hu, Q. 2011. The impact of information security events on the stock value of firms: The effect of contingency factors. Journal of Information Technology, 26(1)： 60-77.
Zafar, H., Ko, M., & Osei-Bryson, K. M. 2012. Financial impact of information security breaches on breached firms and their non-breached competitors. Information Resources Management Journal (IRMJ), 25(1)：21-37.
ZIdafamor, E. 2015. The Economic and Organizational Impacts of IT Security Breaches. Retrieved from https://www.researchgate.net/profile/Emmanuel_Zidafamor/publication/283578988_The_Economic_and_Organizational_Impacts_of_IT_Security_Breaches/links/5640c6cb08aec448fa60098c/The-Economic-and-Organizational-Impacts-of-IT-Security-Breaches.p

指導教授

顏如君(Ju-Chun Yen)

審核日期

2018-7-25

推文