Figure 1: Quantifying the Benefits of Information Security Investment

Similar documents
Relationship between Consumer Price Index (CPI) and Government Bonds

Forecasting the Philippine Stock Exchange Index using Time Series Analysis Box-Jenkins

ARIMA ANALYSIS WITH INTERVENTIONS / OUTLIERS

Long-run Consumption Risks in Assets Returns: Evidence from Economic Divisions

Determinants of Stock Prices in Ghana

MEASURING PORTFOLIO RISKS USING CONDITIONAL COPULA-AR-GARCH MODEL

Determinants of Merchandise Export Performance in Sri Lanka

Economics 413: Economic Forecast and Analysis Department of Economics, Finance and Legal Studies University of Alabama

Per Capita Housing Starts: Forecasting and the Effects of Interest Rate

Characteristics of the euro area business cycle in the 1990s

Leading Economic Indicators and a Probabilistic Approach to Estimating Market Tail Risk

ESTIMATING MONEY DEMAND FUNCTION OF BANGLADESH

Economics Letters 108 (2010) Contents lists available at ScienceDirect. Economics Letters. journal homepage:

Key Influences on Loan Pricing at Credit Unions and Banks

Lloyds TSB. Derek Hull, John Adam & Alastair Jones

Quantity versus Price Rationing of Credit: An Empirical Test

Public Expenditure on Capital Formation and Private Sector Productivity Growth: Evidence

Performance of Statistical Arbitrage in Future Markets

Comovement of Asian Stock Markets and the U.S. Influence *

Factor Affecting Yields for Treasury Bills In Pakistan?

Volatility in the Indian Financial Market Before, During and After the Global Financial Crisis

Seasonal Analysis of Abnormal Returns after Quarterly Earnings Announcements

IMPACT OF MACROECONOMIC VARIABLE ON STOCK MARKET RETURN AND ITS VOLATILITY

Yale ICF Working Paper No March 2003

INFLATION FORECASTS USING THE TIPS YIELD CURVE

User Guide of GARCH-MIDAS and DCC-MIDAS MATLAB Programs

A Predictive Model for Monthly Currency in Circulation in Ghana

DETERMINANTS OF BILATERAL TRADE BETWEEN CHINA AND YEMEN: EVIDENCE FROM VAR MODEL

Asian Economic and Financial Review SOURCES OF EXCHANGE RATE FLUCTUATION IN VIETNAM: AN APPLICATION OF THE SVAR MODEL

The Trend of the Gender Wage Gap Over the Business Cycle

The Impact of Institutional Investors on the Monday Seasonal*

1 Volatility Definition and Estimation

Personal income, stock market, and investor psychology

This homework assignment uses the material on pages ( A moving average ).

A measure of supercore inflation for the eurozone

CAPITAL WORKPAPERS TO PREPARED DIRECT TESTIMONY OF GAVIN H. WORDEN ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION

An Empirical Study on Forecasting Potato Prices in Tamil Nadu. National Academy of Agricultural Science (NAAS) Rating : 3. 03

Cointegration and Price Discovery between Equity and Mortgage REITs

Analysis of Volatility Spillover Effects. Using Trivariate GARCH Model

The Comovements Along the Term Structure of Oil Forwards in Periods of High and Low Volatility: How Tight Are They?

An Analysis of Spain s Sovereign Debt Risk Premium

What Drives the Earnings Announcement Premium?

Current Account Balances and Output Volatility

Financial Econometrics Notes. Kevin Sheppard University of Oxford

Construction of daily hedonic housing indexes for apartments in Sweden

Internet Appendix to Leverage Constraints and Asset Prices: Insights from Mutual Fund Risk Taking

Government Tax Revenue, Expenditure, and Debt in Sri Lanka : A Vector Autoregressive Model Analysis

COTTON: PHYSICAL PRICES BECOMING MORE RESPONSIVE TO FUTURES PRICES0F

How can saving deposit rate and Hang Seng Index affect housing prices : an empirical study in Hong Kong market

The University of Chicago, Booth School of Business Business 41202, Spring Quarter 2012, Mr. Ruey S. Tsay. Solutions to Final Exam

Received: 4 September Revised: 9 September Accepted: 19 September. Foreign Institutional Investment on Indian Capital Market: An Empirical Analysis

Uncertainty and the Transmission of Fiscal Policy

Contrarian Trades and Disposition Effect: Evidence from Online Trade Data. Abstract

Hedge Funds as International Liquidity Providers: Evidence from Convertible Bond Arbitrage in Canada

NCER Working Paper Series

Annex 1: Heterogeneous autonomous factors forecast

Further Test on Stock Liquidity Risk With a Relative Measure

STAT758. Final Project. Time series analysis of daily exchange rate between the British Pound and the. US dollar (GBP/USD)

AN ALM ANALYSIS OF PRIVATE EQUITY. Henk Hoek

THE DETERMINANTS OF BANK DEPOSIT VARIABILITY: A DEVELOPING COUNTRY CASE

Interactions between United States (VIX) and United Kingdom (VFTSE) Market Volatility: A Time Series Study

Lead-Lag Effects in Stock Returns: Evidence from Indonesia

Internet Appendix for: Cyclical Dispersion in Expected Defaults

CHAPTER 2. Hidden unemployment in Australia. William F. Mitchell

Yafu Zhao Department of Economics East Carolina University M.S. Research Paper. Abstract

Did the Stock Market Regime Change after the Inauguration of the New Cabinet in Japan?

DOES MONEY GRANGER CAUSE INFLATION IN THE EURO AREA?*

Interpreting the Value Effect Through the Q-theory: An Empirical Investigation 1

A Study on the Relationship between Monetary Policy Variables and Stock Market

Online Appendix to. The Value of Crowdsourced Earnings Forecasts

Research Article The Volatility of the Index of Shanghai Stock Market Research Based on ARCH and Its Extended Forms

Premium Timing with Valuation Ratios

Core Inflation and the Business Cycle

Internet Appendix to Credit Ratings across Asset Classes: A Long-Term Perspective 1

ECON 5010 Solutions to Problem Set #3

Business Cycles in Pakistan

Série Textos para Discussão

Assessing the reliability of regression-based estimates of risk

Forecasting Exchange Rate between Thai Baht and the US Dollar Using Time Series Analysis

FBBABLLR1CBQ_US Commercial Banks: Assets - Bank Credit - Loans and Leases - Residential Real Estate (Bil, $, SA)

MODELING VOLATILITY OF US CONSUMER CREDIT SERIES

Common Risk Factors in the Cross-Section of Corporate Bond Returns

Internet Appendix for: Cyclical Dispersion in Expected Defaults

On the economic significance of stock return predictability: Evidence from macroeconomic state variables

BIS working paper No. 271 February 2009 joint with M. Loretan, J. Gyntelberg and E. Chan of the BIS

Panel Regression of Out-of-the-Money S&P 500 Index Put Options Prices

Chapter IV. Forecasting Daily and Weekly Stock Returns

TRANSACTION- BASED PRICE INDICES

The Benefits of Dynamic Factor Weights

The University of Chicago, Booth School of Business Business 41202, Spring Quarter 2011, Mr. Ruey S. Tsay. Solutions to Final Exam.

An Empirical Analysis of the Relationship between Macroeconomic Variables and Stock Prices in Bangladesh

Exploring the Formation of Inflation Expectations in Jamaica: A Pragmatic Approach

Relationship between Zambias Exchange Rates and the Trade Balance J Curve Hypothesis

The cross section of expected stock returns

1. Logit and Linear Probability Models

Booth School of Business, University of Chicago Business 41202, Spring Quarter 2014, Mr. Ruey S. Tsay. Solutions to Midterm

THE CREDIT CYCLE and the BUSINESS CYCLE in the ECONOMY of TURKEY

Web Appendix. Are the effects of monetary policy shocks big or small? Olivier Coibion

Real Estate Ownership by Non-Real Estate Firms: The Impact on Firm Returns

BANK OF CANADA RENEWAL OF BACKGROUND INFORMATION THE INFLATION-CONTROL TARGET. May 2001

Transcription:

determined by several b annual IDC and Gartner surveys) constitutes a good measure of overall investment in information security. In order to ensure that the revenues are only related to information security, and not other IT products and services, we select thirty public information security firms who control more than 50% market share of the information security sector and who offer no other IT products. These firms fall into three main information security market segments, namely content security, identity and access management (IDAM), and network security (the latter includes technologies such as VPN, SSL, and intrusion detection and prevention). For the content security segment, our sample includes Symantec, McAfee and Trend Micro who have traditionally controlled a significant share of the market (for instance, a combined 53.8% of the content security market in 2006 according to Canalys c ). The IDAM market segment includes the most influential players such as Entrust, Internet Security Systems, RSA Security, WatchGuard Technologies, and Secure Computing. For network security, we include companies such as Check Point Software, Network Engines, and SonicWALL. Although some of the firms in the sample, such as RSA, were acquired recently, we are fortunate that our analysis covers the period until their acquisition became effective. The acquiring firms offer other than information security products and services, so including their revenues beyond this point would result in a noisy and inaccurate measure of information security investment. The selected firms are mostly US-based (except for Checkpoint Software) but their customers are worldwide, so the revenues of these firms capture worldwide demand for information security products and services, which is consistent with the boundary-less characteristics of the Internet. Severity of Malicious Attacks. We compile 6,400 instances of malicious attacks, (as is done in 11 ), from the Web site of Symantec, d the leading antivirus b For example, Worldwide Identity and Access Management 2007 2011 Forecast with Submarket Segments c http://www.canalys.com/pr/2007/r2007032.htm d http://www.symantec.com/business/security_response/ threatexplorer/azlisting.jsp Figure 1: Quantifying the Benefits of Information Security Investment service provider, covering the period from January 1998 to December 2006. Their severity levels were rated by subject matter experts, based on three attributes, namely wildness, destructiveness, and distribution. Wildness refers to the extent to which a threat has already spread among computer users; destructiveness is an assessment of the damage that a given infection could cause; and distribution refers to how quickly a malicious entity spreads itself. The estimated severity comes in the form of a linguistic variable that takes values from the set S = {Low, Medium, High}. Many authors 6 have argued that fuzzy logic is ideal for representing and processing such linguistic terms. We represent the linguistic variable using trapezoidal fuzzy numbers for ease of analysis. e Multiple malicious attacks could strike on the same day. Also, since revenues are reported quarterly, we use a fuzzy weighted sum method 1 for aggregating the data on a quarterly basis. The fuzzy sets resulting from the aggregation, which is implemented in Mathematica s Fuzzy Logic Toolbox, f are defuzzified using the centroid method. 1 For a quick cross validation of our compiled severity dataset, we relate the yearly-aggregated time series of the severity of malicious attacks to dollar losses data from the CSI/FBI (http://www.gocsi.com/) reports from 1998 to 2006. These data encompass the types of malicious attacks under study and are based upon surveys conducted by experts in the information security field. We find a correlation of 0.58 (significant beyond the 0.1 level) despite the small sample size of the dataset. e http://www.wolfram.com/products/applications/ fuzzylogic f http://www.wolfram.com/products/applications/ fuzzylogic Analysis and Results Figure 1 summarizes the framework of our empirical research. First, we postulate that investment in information security increases the revenues of information security firms, in turn boosting their present and forecasted fundamentals and positively impacting their stock price. This is indicative that the market performance of the information security sector is demanddriven, consistent with, 5 which shows stock prices have been more sensitive to demand-driven output fluctuations than to supply-driven variations. Second, we hypothesize that when firms acquire protection against malicious attacks, they avoid the potential adverse effects of security breaches on their stock price. Time Series Models for Forecasting We use both time series and vector auto-regression (VAR) analyses to demonstrate the benefits of investing in information security. All quarterly revenues and stock market data from 1998 to 2006 are gathered from the CRSP g database. A summary of the variables used in the analyses follows: 1. Revenues: the sum of the quarterly revenues of the thirty selected information security firms. 2. Market Return: the quarterly NAS- DAQ Composite Index, which is composed of technology stocks, including information security. Previous research has established that NASDAQ is representative of the worldwide technology stock market. For example, Jeon and Jang 7 showed that NASDAQ affects the Korean market at every level of aggregation, and that no significant reverse effect existed. 3. Stock Price: the average of the quarterly stock price of the firms in the sample. g The Center for Research in Security Prices (CRSP) maintains one the most comprehensive collection of financial and economic data. 114 communications of the acm november 2009 vol. 52 no. 11

Figure 2: Plots of the Revenues, Severity, Stock Price, and Market Return Time Series 4. Severity: the quarterly-aggregated severity of malicious attacks. Figure 2, which plots the time series of all four variables, reveals that the revenues of information security firms have followed an increasing trend over the past eight years. Given that the collected revenues represent the majority but not the entirety of the sales of the information security sector, the increasing investment trend bears proof that the information security sector is consolidating. This is expected since, in addition to the existing customers who need to upgrade their products, newer firms are investing to acquire protection. Prior to relating the Revenues, Se verity, and Stock Price time series, using VAR analysis, we ensure the series are stationary and account for seasonality, if any. The Revenues and Severity time series trend upward and do not revolve around a fixed mean over time. Further the autocorrelation functions of both time series decay slowly to zero, with autocorrelations exceeding twice their Table 1: AR Model for Differenced Severity Table 2: AR Model with Seasonal Variation for Differenced Revenues corresponding standard errors past lag. 6 This confirms that the means of both time series are non-stationary. Similarly, an examination of the autocorrelation function of the Stock Price time series reveals high first-order autocorrelation. Following the Box and Jenkins approach, 10 we perform first-order differencing of all three time series to make them stationary. After differencing, the Revenues and Severity time series appear to be highly correlated with a lag effect. The Revenues and Severity time series models serve as benchmarks, with which to compare the fit and accuracy of the VAR model. We use Lag i to denote a shift back by i time periods and Diff i to denote ith order differencing. The differenced Severity time series follows an autoregressive (AR) process, whose estimates are shown in Table 1. The AR model allows forecasting the severity of current malicious attacks from the time series past values. The model corresponds to the lowest Akaike information criterion (AIC) value of 8.81 (AIC is a measure of the goodness of fit of the model 10 ) and a standard error of 78.37. Coefficients are significant beyond the 5% significance level. The differenced Revenues time series appears to exhibit seasonality, which we capture using a set of quarterly dummy variables to account for the seasonal pattern. These variables are Q 1,t, Q 2,t, Q 3,t, where Q i,t, = { 1 when t is an i quarter, 1 i 3. 0 otherwise Table 2 gives the significant coefficients and their estimates. The constant variable in the model represents the change in the revenue level during fourth quarters. Q 1,t, Q 2,t, and Q 3,t, are the amounts that must be added to these fourth quarter predictions to obtain the model s prediction for the first, second, and third quarters respectively. The coefficients in Table 2 are significant beyond the 1% significance level, with a standard error of 185.89 and an AIC value of 10.58. The negative sign on Q 1,t suggests that the incremental revenues in the first quarter is, on average, below the fourth quarter average prediction, consistent with the findings of UBS Research. h Next we use VAR analysis to relate each variable to its own lagged value as well as to the lagged values of the other two variables. Relating Revenues, Severity, and Stock Price using VAR Analysis. The results of the VAR analysis shown in Table 3 are based on the multivariate h Is there a Fourth Quarter IT Anomaly? november 2009 vol. 52 no. 11 communications of the acm 115

model with the smallest AIC of 20.11. Coefficients are significant beyond the 5% significance level and standard errors are mostly lower than those of the corresponding time series models. The differenced revenues and stock prices in the 4 th quarter appear to be higher than what they are in other quarters, as shown in the negative dummy variables of the differenced Revenues. A more interesting finding in Table 3 suggests that investment in information security has been instrumental in reducing the severity of malicious attacks in the short term (lag = 1 quarter; an average incremental reduction of 47.21%). Further, increased revenues translate into higher stock prices (lag = 3 quarters; average incremental increase of 0.61%). We conjecture that this increase in market value is actually an aggregation of prior incremental increases, as it has been shown there is an inherent momentum in the stock market s reactions. The information transfer effect, discussed in prior literature, 3 is also reflected in Table 3 in the form of incremental stock price increases for information security firms (1.79%; lag = 2 quarters). Upon relating the severity of malicious attacks, post-differencing, to the value-weighted NASDAQ return, we find a negative overall correlation (-.52; p- value = 0.03). We conjecture that the increase in the stock price of information security firms, such as the information transfer effect, is overshadowed by the reduction in the market value of firms who were breached. Finally, to complete the validation of the framework in Figure 1, we report that the valueweighted NASDAQ return and the differenced stock prices of information security firms, post-differencing, are highly correlated (0.78; p-value < 0.00), which is expected given that some of the information security firms in the sample are part of NASDAQ. Next, we extend our analyses by investigating how our results differ across the three identified information security segments, namely content security, IDAM, and network security. Table 3: Results of VAR Analysis for Overall Information Security Sector Figure 3: Investment Trends by Market Segment Dissecting Information Security Segments. We repeat our analysis over the samples of firms covering the three market segments identified in the study. The influence of investment on reducing severity is the highest in the content security segment with a 33.23% incremental reduction (lag = 1 quarter; p-value < 0.00), followed by a 23.78% incremental reduction for IDAM (lag = 1 quarter; p-value = 0.03), and a 24.02% incremental reduction for network security, significant only at the 10% level 116 communications of the acm november 2009 vol. 52 no. 11

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback