{"publisher":"Information Institute Publishing, Washington DC, USA","date_updated":"2022-01-06T06:52:47Z","intvolume":"        16","citation":{"ama":"Szubartowicz E, Schryen G. Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements. <i>Journal of Information System Security</i>. 2020;16(1):3-31.","apa":"Szubartowicz, E., &#38; Schryen, G. (2020). Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements. <i>Journal of Information System Security</i>, <i>16</i>(1), 3–31.","ieee":"E. Szubartowicz and G. Schryen, “Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements,” <i>Journal of Information System Security</i>, vol. 16, no. 1, pp. 3–31, 2020.","bibtex":"@article{Szubartowicz_Schryen_2020, title={Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements}, volume={16}, number={1}, journal={Journal of Information System Security}, publisher={Information Institute Publishing, Washington DC, USA}, author={Szubartowicz, Eva and Schryen, Guido}, year={2020}, pages={3–31} }","mla":"Szubartowicz, Eva, and Guido Schryen. “Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements.” <i>Journal of Information System Security</i>, vol. 16, no. 1, Information Institute Publishing, Washington DC, USA, 2020, pp. 3–31.","chicago":"Szubartowicz, Eva, and Guido Schryen. “Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements.” <i>Journal of Information System Security</i> 16, no. 1 (2020): 3–31.","short":"E. Szubartowicz, G. Schryen, Journal of Information System Security 16 (2020) 3–31."},"file_date_updated":"2020-03-05T10:35:49Z","status":"public","oa":"1","publication":"Journal of Information System Security","department":[{"_id":"277"}],"page":"3 - 31","year":"2020","has_accepted_license":"1","keyword":["Event Study","Information Security","Investment Announcements","Stock Price Reaction","Value of Information Security Investments"],"language":[{"iso":"eng"}],"volume":16,"issue":"1","_id":"16249","ddc":["000"],"file":[{"file_id":"16250","relation":"main_file","date_created":"2020-03-05T10:26:11Z","file_name":"Timing in Information Security - JISSEC format PREPUBLICATION.pdf","content_type":"application/pdf","date_updated":"2020-03-05T10:35:49Z","access_level":"open_access","creator":"hsiemes","file_size":478056}],"date_created":"2020-03-05T10:29:00Z","title":"Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements","author":[{"first_name":"Eva","full_name":"Szubartowicz, Eva","last_name":"Szubartowicz"},{"last_name":"Schryen","full_name":"Schryen, Guido","first_name":"Guido","id":"72850"}],"type":"journal_article","user_id":"61579","abstract":[{"text":"Timing plays a crucial role in the context of information security investments. We regard timing in two dimensions, namely the time of announcement in relation to the time of investment and the time of announcement in relation to the time of a fundamental security incident. The financial value of information security investments is assessed by examining the relationship between the investment announcements and their stock market reaction focusing on the two time dimensions. Using an event study methodology, we found that both dimensions influence the stock market return of the investing organization. Our results indicate that (1) after fundamental security incidents in a given industry, the stock price will react more positively to a firm’s announcement of actual information security investments than to announcements of the intention to invest; (2) the stock price will react more positively to a firm’s announcements of the intention to invest after the fundamental security incident compared to before; and (3) the stock price will react more positively to a firm’s announcements of actual information security investments after the fundamental security incident compared to before. Overall, the lowest abnormal return can be expected when the intention to invest is announced before a fundamental information security incident and the highest return when actual investing after a fundamental information security incident in the respective industry.","lang":"eng"}]}