The impact of GDPR infringement fines on the market value of firms
Information and Computer Security
ISSN: 2056-4961
Article publication date: 7 September 2022
Issue publication date: 9 February 2023
Abstract
Purpose
This paper aims to investigate the impact of the General Data Protection Regulation (GDPR) infringement fine announcements on the market value of mostly European publicly listed companies with a view to reinforcing the importance of data privacy compliance, thereby informing cyber security investment strategies for organisations.
Design/methodology/approach
Previous studies have shown (varying degrees of) evidence of a negative impact of data breach announcements on the share price of publicly listed companies. Following on from this research, further studies have been carried out in assessing the economic impact of the introduction of legislation in this area to encourage firms to invest in cyber security and protect the privacy of data subjects. Existing research has been predominantly US centric.
Findings
Using event study techniques, a data set of 25 GDPR fine announcement events was analysed, and statistically significant cumulative abnormal returns of around 1% on average up to three days after the event were identified. In almost all cases, this negative economic impact on market value far outweighed the monetary value of the fine itself, and relatively minor fines could result in major market valuation losses for companies, even those having large market capitalisations.
Originality/value
This research would be of benefit to business management, practitioners of cyber security, investors and shareholders as well as researchers in cyber security or related fields (pointers to future research are given). Data protection authorities may also find this work of interest.
Keywords
Acknowledgements
The authors wish to thank the anonymous reviewers for their helpful and constructive feedback. The authors are also grateful to the reviewers and participants of the 20th European Conference on Cyber Warfare and Security (Ford et al., 2021a) for their valuable input.
Citation
Ford, A., Al-Nemrat, A., Ghorashi, S.A. and Davidson, J. (2023), "The impact of GDPR infringement fines on the market value of firms", Information and Computer Security, Vol. 31 No. 1, pp. 51-64. https://doi.org/10.1108/ICS-03-2022-0049
Publisher
:Emerald Publishing Limited
Copyright © 2020, Emerald Publishing Limited