Does Ransomware Make Investors “WannaCry”? On Investors’ Divergent Reactions to Ransomware Hits and Near Misses
研究发现投资者对勒索软件攻击(导致运营中断)反应负面,股价下跌4.40%;但对险情事件(险些中断)却反应正面,股价上涨2.87%,揭示了结果偏差导致的非理性反应。
In recent years, ransomware has become one of the most dangerous cyber threats, with successful attacks causing severe operational disruptions and staggering damages. Rationally speaking, investors should react negatively to firms’ ransomware disclosures, but this may not always be the case. Based on norm theory, we describe a paradoxical phenomenon wherein investors exhibit negative reactions to ransomware hits (i.e., events that led to operational disruptions) but positive reactions to near misses (i.e., events in which operational disruptions were narrowly avoided). The positive reactions occur due to an outcome bias in which near-miss events—events that are objectively negative but less severe than expected—are viewed positively instead of negatively. We tested these predictions by reporting on an investigation of stock market reactions to disclosures of ransomware hits vs. near misses. To do so, we assembled a comprehensive dataset of ransomware incidents disclosed by U.S. public firms. Using the event study method, we estimated abnormal stock market returns and found evidence in support of our predictions. First, in line with expectations, ransomware hits that led to the expected severe impact resulted in stock price drops of -4.40%. However, near misses, where disruptions were avoided, were rewarded with gains of 2.87%, confirming positive instead of negative reactions. This offers new insights into investors’ biased responses to certain cybersecurity incidents. These positive reactions, however, represent a call for caution because, albeit seemingly favorable, they mask underlying risks.