Abstract
Cybersecurity incidents, like data breaches and ransomware, are on the rise, and their consequences can affect companies from different perspectives. On the one hand, a well-known consequence involves the technical aspects of ensuring the continuity of companies’ operations. On the other hand, cybersecurity incidents’ repercussions can impact companies’ stock market value and negatively influence customers’ perceptions about companies’ reputations. Currently, social media platforms establish an additional concern for companies because of their capability to intensify incident reactions. This study analyzed tweets, news, and stock prices associated with four Brazilian organizations’ victims of data breaches and ransomware to answer the research question: what are the impacts of cybersecurity incidents’ public consequences on the reputation and the stock value of Brazilian organizations? Through the analysis performed, we proposed an anatomy of incidents’ repercussions covering aspects like the main events observed in the timelines and peculiarities of every incident type. The stock share prices analysis did not allow us to infer a relationship between the disclosure of incidents and stock values. By assessing Twitter’s user-generated content, we observed that data breaches reverberate more than ransomware.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
The following link introduces the Twitter API version 2: https://developer.twitter.com/en/docs/twitter-api.
We collected the stock information from B3, the Brazilian stock exchange, using Yahoo services at https://br.financas.yahoo.com.
The news analyzed in this study was collected using the platform published by Google: https://news.google.com.
Tweets and news used in the analysis are available on https://github.com/VitoriaLemos/Unisinos-PFII.
The Python scripts developed by authors are available in the following GitHub repository: https://github.com/VitoriaLemos/Unisinos-PFII.
The Text Analytics features made available as part of the Cognitive Service for Language are explained at https://azure.microsoft.com/en-us/services/cognitive-services/text-analytics/.
References
Bachura E, Valecha R, Chen R, Rao HR (2022) The OPM data breach: an investigation of shared emotional reactions on twitter. MIS Q 46(2):881–910
Bardin L (2011) Organização da análise. Anál Conteúdo. São Paulo Edições 70:229
Barrett MP (2018) Framework for improving critical infrastructure cybersecurity version 1.1
Bederna Z, Szádeczky T (2023) Managing the financial impact of cybersecurity incidents. Secur Def Q 41(1):15–35
Biancovilli P, Makszin L, Amer F, Csongor A (2022) Celebrities and breast cancer: a multidimensional quali-quantitative analysis of news stories shared on social media. Int J Environ Res Public Health 19(15):9676
Blaya C (2019) Cyberhate: a review and content analysis of intervention strategies. Aggress Viol Behav 45:163–172
BleepingComputer (2021) Eletrobras, copel energy companies hit by ransomware attacks. https://www.bleepingcomputer.com/news/security/eletrobras-copelenergy-companies-hit-by-ransomware-attacks/
Boeckl KR, Lefkovitz NB (2020) Nist privacy framework: a tool for improving privacy through enterprise risk management, version 1.0
Brasil Econômico (2022) Bolsonaro e mais 100 milhões de pessoas tiveram os dados de celulares vazados. https://tecnologia.ig.com.br/2021-02-10/bolsonaro-e-mais-cem-milhoesde-pessoas-tiveram-os-dados-de-celulares-vazados.html
Brindha R, Nandagopal S, Azath H, Sathana V, Joshi GP, Kim SW (2023) Intelligent deep learning based cybersecurity phishing email detection and classification. CMC Comput Mater Continua 74(3):5901–5914
Caregnato RCA, Mutti R (2006) Pesquisa qualitativa: análise de discurso versus análise de conteúdo. Universidade Federal de Santa Catarina, Programa de Pós Graduação em Enfermagem
Centrify (2017) The impact of data breaches on reputation & share value
Confente I, Siciliano GG, Gaudenzi B, Eickhoff M (2019) Effects of data breaches from user-generated content: a corporate reputation analysis. Eur Manag J 37(4):492–504
Couce-Vieira A, Insua DR, Kosgodagan A (2020) Assessing and forecasting cybersecurity impacts. Decis Anal 17(4):356–374
Cybercrime Magazine (2020) Cybercrime to cost the world \$10.5 trillion annually by 2025
dos Santos FM (2012) Análise de conteúdo: a visão de Laurence Bardin
Emsisoft (2021) The cost of ransomware in 2021: A country-by-country analysis: Emsisoft: Security blog. https://blog.emsisoft.com/en/38426/the-cost-of-ransomware-in-2021-acountry-by-country-analysis/
García JMG-V, García-Carmona M, Trujillo Torres JM, Moya-Fernández P (2022) Teacher training for educational change: the view of international experts. Contemp Educ Technol 14(1)
IBM (2020) What is natural language processing? https://www.ibm.com/cloud/learn/natural-language-processing
IBM Security (2022) Cost of a data breach report 2022. https://www.ibm.com/reports/data-breach
Iosifidis P, Nicoli N (2020) The battle to end fake news: a qualitative content analysis of Facebook announcements on how it combats disinformation. Int Commun Gaz 82(1):60–81
Jarjoui S, Murimi R, Murimi R (2021) Hold my beer: a case study of how ransomware affected an Australian beverage company. In: 2021 International conference on cyber situational awareness, data analytics and assessment (cybersa), pp 1–6
Jorge S, Nogueira S, Jesus MA (2023) Financial information use in parliamentary debates in a changing context. Public Organization Review, pp 1–28
Kaspersky (2021) How data breaches happen. https://www.kaspersky.com/resource-center/definitions/data-breach
National Cyber Security Centre (2018) What is a cyber incident. online. https://www.ncsc.gov.uk/information/what-cyberincident
Newman CA, Messing MJ (2018) Bull or bear? How the market reacts to data breach news. https://corpgov.law.harvard.edu/2018/11/20/bull-or-bear-how-themarket-reacts-to-data-breach-news/
NIS Cooperation Group (2018) Cybersecurity incident taxonomy—European commission. https://ec.europa.eu/
Onwuegbuzie A, Leech N, Collins K (2015) Qualitative analysis techniques for the review of the literature. The Qualitative Report
Perera S, Jin X, Maurushat A, Opoku D-GJ (2022) Factors affecting reputational damage to organisations due to cyberattacks. Informatics 9:28
Reinsel D, Gantz J, Rydning J (2017) Data age 2025: the evolution of data to life-critical. IDC White Paper. https://www.import.io/wp-content/uploads/2017/04/Seagate-WPDataAge2025-March-2017.pdf
Sandescu C, Dinisor A, Vladescu C-V, Grigorescu O, Corlatescu D, Dascalu M, Rughinis R (2022) Extracting exploits and attack vectors from cybersecurity news using nlp. UPB Sci Bull Ser C Electr Eng Comput Sci Politech Univ Buchar 84(2):63–78
Schlackl F, Link N, Hoehle H (2022) Antecedents and consequences of data breaches: a systematic review. Inf Manag 59:103638
Sinanaj G, Muntermann J, Cziesla T (2015) How data breaches ruin firm reputation on social media!-insights from a sentiment-based event study. Wirtschaftsinformatik 2015:902–916
Sinanaj G, Zafar H (2016) Who wins in a data breach?-a comparative study on the intangible costs of data breach incidents. Pacis, p 60
Syed R (2019) Enterprise reputation threats on social media: a case of data breach framing. J Strateg Inf Syst 28(3):257–274
Syed R, Dhillon G (2015) Dynamics of data breaches in online social networks: understanding threats to organizational information security reputation
Tayaksi C, Ada E, Kazancoglu Y, Sagnak M (2022) The financial impacts of information systems security breaches on publicly traded companies: reactions of different sectors. J Enterp Inf Manag 35(2):650–668
Trellix (2021) What is ransomware? https://www.mcafee.com/enterprise/en-us/securityawareness/ransomware.html
Tweneboah-Kodua S, Atsu F, Buchanan W (2018) Impact of cyberattacks on stock performance: a comparative study. Inf Comput Secur 26:637–652
Yayla AA, Hu Q (2011) The impact of information security events on the stock value of firms: the effect of contingency factors. J Inf Technol 26(1):60–77
Author information
Authors and Affiliations
Contributions
VL wrote the main manuscript text and prepared the figures. All authors reviewed the manuscript.
Corresponding author
Ethics declarations
Conflict of interest
The authors declare no competing interests.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
de Lemos, V., Ignaczak, L. An analysis of the public consequences of cybersecurity incidents in Brazil. Soc. Netw. Anal. Min. 13, 106 (2023). https://doi.org/10.1007/s13278-023-01113-9
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s13278-023-01113-9