‘We are very pleased that our work attracts this type of attention. Part of the prize was the opportunity to present the master's thesis to ISACA's members, which include heads of IT security and IT security personnel from some of Norway's biggest enterprises and institutions. It was amazing to hear that our thesis is relevant to their data security work,’ says Embla Jansen.

Embla Jansen (24) and Stine-Mari Stavik recently received the ISACA Norway Chapter's award for best master's thesis for 2021. The prize is NOK 20,000.

They both majored in Financial Economics at NHH and are deeply interested in technology. Stavik, who is from Florø, now works as a business analyst for Bearingpoint, and Jansen, who comes from Bærum, is a strategy analyst with Accenture.

ISACA Norway Chapter is a professional association that works to promote and raise awareness of professions in the fields of IT auditing, control and security in Norway.

THE SHARE VALUE DROPPED BY 1.7 PER CENT

The master's thesis ‘What the Hack? An Empirical Analysis of the Stock Market Reactions to Hacking Announcements’ investigates the stock market's reactions to cyberattacks. Among other things, they look at the role consumers and regulatory agencies play in inflicting financial consequences on companies that have been hacked.

The thesis investigates 42 of the world's biggest cyberattacks during the period from 2007 to 2020. The former NHH students found that, on average, the share value of companies dropped by 1.7 per cent on the first trading day following the hacking announcements. The effect persisted for the next ten days.

‘We found that larger cyberattacks were associated with greater falls in share value. The most surprising finding was probably that we didn't find stronger stock market reactions after the introduction of GDPR in 2018 compared with before,’ says Stavik.

FOCUS ON COSTS

Last year, when Jansen and Stavik were choosing the topic for their master's thesis, several major cyberattacks were in the news. At the same time, they were themselves uploading personal information through digital channels almost daily.

‘We therefore read the news of hacks with a mix of curiosity and concern. This awoke our interest in Steffen Juranek and Carsten Bienz’s suggestion to conduct a study to estimate the costs of cyberattacks,’ says Jansen.

WANT TO RAISE AWARENESS

The former students believe that their thesis contributes a fresh perspective on the costs of being hacked. They find that it is difficult to set a price tag on the increased costs and loss of income that affect companies in the wake of a cyberattack.

‘We're not the first people to investigate this topic, but we are the first to do so using the world's biggest recent cyberattacks involving leaks of personal data. By putting a price tag on cyberattacks, we wanted to raise awareness at company management level about the necessity of weighing investments in data security against carrying the costs of being hacked,’ says Stavik.

The supervisors were Steffen Juranek of the Department of Business and Management Science and Carsten Bienz of the Department of Finance.



• Share on Facebook
• Share on Twitter
• Share on LinkedIn
• Share by e-mail