Profiting from cyber attacks by competitors


An intensive study of the possibility of the above issue shows that rival firms profit from the misfortune of their rivals. The study shows that employees of both competing firms made abnormal profits by trading shares in the affected company before the company officially announced to the public that it had been attacked. Using a recent stock trading transaction between a former senior executive of a biopharmaceutical company and the breached competitor company, the Securities and Exchange Commission (SEC) found that the former senior executive profited by trading in the breached competitor company's stock based on his confidential information about the competitor's misfortune.

Similarly, in its report, the Privacy Right Clearinghouse (PRC), after analyzing the transactions that took place within rival companies that suffered cyber-attacks, found that peer insiders earned 4.5% higher market-adjusted abnormal buy-and-hold returns over 180 calendar days than those who traded after the date of the disclosure of the cyber-attack by the affected company. Peer insiders took advantage of their rival's misfortune to trade their shares, which could be negatively affected after the official disclosure.

Their profit margins are directly affected by the severity of the attack. Rather, they have two choices, depending on their company's exposure to cyber risk, to maximize their profit before the official disclosure date. They either sell when the risk is higher or buy when the firms' exposure to cyber risk is lower.

Further research shows that employees of competing firms receive this first-hand, private information about their rival's misfortune, mostly because of the relationship they've built up in non-work activities. Sharing a common educational background or being on the same team or club outside of work allows for the possible disclosure of private things between employees than when they have a professional relationship.