Authors

  • Komronbek Boymuhamedov
    Student of Tashkent State University of Economics

DOI:

https://doi.org/10.71337/inlibrary.uz.icas.108862

Keywords:

cybersecurity, macroeconomics, finance, cyberattacks

Abstract

Cyberattacks are now typical high-impact events that can propagate through financial markets and the whole economy. This article synthesizes existing research on event-study analyses of cyberattacks, focusing on the finding that firms that suffer publicly disclosed breaches typically experience short-term negative abnormal returns and volatility spikes. We also address macroprudential issues: authorities and the evidence indicate that central digital interdependencies may amplify a serious breach into systemic instability. Using a conceptual event-study design (Figure 1), we outline how researchers test for abnormal returns during event windows. We examine evidence on the market's reaction to cyber risk and on regulatory reform (e.g., the EU NIS Directive and emerging SEC disclosure regulations). Two case narratives (SolarWinds, Dec 2020 and Colonial Pipeline, May 2021) report breach events, market reactions, and policy implications. The results show that while high-profile cyber incidents dent firm prices and potentially induce cross-sector spillovers, robust disclosure and resiliency policies are necessary to mitigate systemic vulnerabilities. The article concludes with implications for financial stability and investor sentiment, and with recommendations for future research on cyber risk in macro-finance.


INTERNATIONAL CONFERENCE OF ACADEMIC SCIENCES

CYBERSECURITY BREACHES AND THEIR MACROECONOMIC IMPACT ON FINANCIAL MARKETS

Boymuhamedov Komronbek Dilmurod ogli

Student of Tashkent State University of Economics

kbojmuhamedov15@gmail.com

https://doi.org/10.5281/zenodo.15687732


INTRODUCTION

Information systems form the core of contemporary financial infrastructure, facilitating everything from high-frequency trading to real-time settlement of payments. But this heavy dependency also makes the financial system vulnerable to cyberattacks. Over the last few years, cybersecurity events have risen exponentially, and even international institutions have recorded a dramatic increase in both frequency and severity. According to the International Monetary Fund (IMF), the overall count of reported cyber events has nearly doubled since the start of the COVID-19 pandemic [1]. Notably, financial institutions account for roughly one-fifth of these events, which is consistent with their attractiveness as high-value targets given the sensitive data and systemic functions they handle.



While most cyberattacks are localized or have limited impact, high-profile attacks are increasingly demonstrating the ability to spread widely. Ransomware, supply-chain attacks, and state-sponsored incursions now pose genuine threats to financial stability [2]. High-profile cybersecurity incidents, like the SolarWinds attack in December 2020 and the May 2021 Colonial Pipeline ransomware attack, have illustrated how cyber vulnerabilities can metastasize into systemic events, weakening investor confidence, bringing critical services to a standstill, and inducing cascading effects across markets and industries.

Our study examines the macro-financial implications of these types of cyber events and poses the question: how do major cybersecurity incidents impact financial markets at a macroeconomic level? Employing an event-study methodology, we examine three central research questions:

(1) What does the initial stock market response to publicly disclosed cyber breaches look like?

(2) Do breaches translate into broader sectoral or systemic spillovers beyond the affected firms?

(3) What do these findings tell us about financial regulation, market stability, and systemic risk management?

In response to these questions, we explore abnormal returns and volatility patterns surrounding the announcements of major breaches through empirical evidence and individual case histories. The article also situates its findings within the evolving global regulatory landscape, taking into account tools such as the EU 2016 Directive on Security of Network and Information Systems (NIS Directive) and the United States Securities and Exchange Commission's 2023 cybersecurity disclosure requirements. Along the way, we aim to contribute to the literature on cyber risk in the financial system, identify regulatory blind spots, and provide recommendations for future research and policy-making.

LITERATURE REVIEW

Event Studies and Market Reaction to Cyber Risk:

Event-study methodology (e.g. MacKinlay, 1997) estimates an event's impact by measuring abnormal returns, i.e., the difference between the actual stock returns and the returns that would be expected had the event not taken place. In practice, normal returns are often estimated using the market model with market indices. Empirical work applying this model to data breaches documents systematic effects: target firms suffer statistically significant stock declines at disclosure, often on the order of a few percent in the subsequent days. For example, Tosun (2021) finds that breaches make daily excess returns fall, trading volume surge (an indicator of sell pressure), and bid-ask spreads tighten (increased liquidity) on the announcement day [3]. Corbet and Gurdgiev (2019) also note that target firms experience volatility spikes during cybercrime news. These results are in line with the view that security breaches are unexpected adverse reputation shocks to companies. Notably, event studies also reveal heterogeneity: larger firms with higher leverage, Tobin's Q, or profitability undergo larger abnormal drops and trading responses relative to smaller firms. Overall, the literature agrees on short-term adverse price impacts and higher volatility for firms that have been victims of cyber-attacks.

Systemic Risk and Sectoral Spillovers:

Apart from firm-level consequences, observers caution that cyber-attacks can trigger broader instability. Financial systems depend on critical ICT infrastructure, so shocks that "encrypt or destroy" vital data can spread through payment, clearing, and credit systems. The European Systemic Risk Board (ESRB) views cyber risk as a potential source of systemic financial risk: in extremis, a cyberattack could erode confidence in banks or markets, creating amplification akin to a traditional financial crisis [4]. The IMF also warns that while past cyber incidents have not been fully systemic, a severe attack on a major institution "could pose an acute threat to macro financial stability through a loss of confidence, the disruption of essential services, and interconnectedness." [5] Empirical research on macro spillovers is in its infancy but growing. One recent Fed study illustrates that cyber risk is indeed endogenous to financial conditions: breaches can have more adverse effects when markets are stressed. Sectorally, energy, utilities, and transportation systems emerge as vulnerable: e.g., a hack of a fuel pipeline (Colonial Pipeline, 2021) caused U.S. gasoline price spikes and shortages, illustrating how a breach in one sector ripples through others. In short, scholars note that cyber incidents can, in principle, spread beyond the victim via network effects and confidence channels, while empirical quantification of such spillovers remains an open issue.

Regulatory and Policy Responses:

Governments and regulators have responded to cyber risk through new disclosure obligations and security requirements. The EU's NIS Directive (2016) was one of the first supranational laws requiring operators of essential services (energy, finance, telecoms, etc.) to report major incidents and improve cybersecurity [6]. In the US, the SEC finalized rules in July 2023 requiring public companies to disclose material cybersecurity incidents in 8-K filings within four business days, and to describe their risk management policies in annual reports [7]. The regulator pointed out that data loss can be as real as physical asset loss. Other initiatives (ENISA, ECB guidelines, the Financial Stability Board cyber lexicon) point toward harmonized standards. Despite these measures, scholars point out lacunae: too many firms still underinvest in security (due to externalities and risk underestimation), and optimal disclosure timing and market discipline remain open questions.

Gaps in Literature:

While numerous event studies document firm-level stock reactions to cyber-attacks, few integrate them with macro analysis. Most examine the days immediately around announcements, which leaves open the question of longer-term or economy-wide effects. In particular, the connection between cyber-attacks and systemic stability (how shocks propagate through financial networks and affect macro variables) is underexplored in empirical work. This paper addresses these gaps by conceptually linking event-study findings to macroprudential implications and closely scrutinizing two high-profile breach cases.

METHODOLOGY

We employ a conceptual event-study design to organize the analysis (Figure 1). Event studies entail identifying the announcement date of a cybersecurity breach and constructing an event window (e.g. days −1 to +1 around public disclosure) during which abnormal returns are measured. We assume a market model (or equivalent expected-return model) to forecast normal returns using pre-event data and then compute abnormal returns (AR) as the difference between actual and normal returns. These single-day ARs can be accumulated into cumulative abnormal returns (CARs) over the window. In empirical research, ARs can also be aggregated cross-sectionally into average abnormal returns (AARs) or cumulative average abnormal returns (CAARs) if multiple breach events are pooled. Figure 1 below illustrates the standard workflow: choosing the model (e.g. market model regression), defining estimation and event windows, computing ARs/CARs, and testing for statistical significance.



Figure 1: Conceptual Event-Study Flowchart. (https://www.eventstudytools.com/introduction-event-study-methodology)
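The workflow described above (market-model estimation, event window, AR/CAR, significance test), as an added example that is not part of the original article. It runs on constructed return series rather than real market data, and the function names, the 120-day estimation window and the 5-day gap are assumptions chosen for illustration.

```python
import math
import random


def fit_market_model(stock, market):
    """OLS fit of R_stock = alpha + beta * R_market; returns (alpha, beta, resid_sd)."""
    n = len(stock)
    mean_s, mean_m = sum(stock) / n, sum(market) / n
    sxx = sum((m - mean_m) ** 2 for m in market)
    sxy = sum((m - mean_m) * (s - mean_s) for s, m in zip(stock, market))
    beta = sxy / sxx
    alpha = mean_s - beta * mean_m
    sse = sum((s - alpha - beta * m) ** 2 for s, m in zip(stock, market))
    return alpha, beta, math.sqrt(sse / (n - 2))


def event_study(stock, market, event_idx, window=(-1, 1), est_len=120, gap=5):
    """Abnormal returns (AR) and cumulative abnormal return (CAR) around event_idx.

    The estimation window ends `gap` days before the event window so that the
    breach itself (or leaks just before it) cannot contaminate alpha and beta.
    """
    lo, hi = event_idx + window[0], event_idx + window[1]
    est_end = lo - gap
    est_start = est_end - est_len
    if est_start < 0 or hi >= len(stock):
        raise ValueError("not enough observations around the event date")
    alpha, beta, sd = fit_market_model(stock[est_start:est_end],
                                       market[est_start:est_end])
    # AR_t = actual return minus the return the market model predicts for day t.
    ar = [stock[t] - (alpha + beta * market[t]) for t in range(lo, hi + 1)]
    car = sum(ar)
    # Simplified test: treats ARs as i.i.d. with the estimation-window residual
    # sd and ignores parameter-estimation error (fine for long estimation windows).
    t_stat = car / (sd * math.sqrt(len(ar)))
    return {"alpha": alpha, "beta": beta, "ar": ar, "car": car, "t_stat": t_stat}


def constructed_series(n=200, event_idx=150, seed=7):
    """Constructed daily returns (not real market data): true beta 1.2, with a
    -4.0% shock on the disclosure day and -1.0% the day after, as in Table 1."""
    rng = random.Random(seed)
    market = [rng.uniform(-0.02, 0.02) for _ in range(n)]
    stock = [0.0002 + 1.2 * m + rng.uniform(-0.005, 0.005) for m in market]
    stock[event_idx] += -0.040
    stock[event_idx + 1] += -0.010
    return stock, market


if __name__ == "__main__":
    stock, market = constructed_series()
    breach = event_study(stock, market, event_idx=150)
    placebo = event_study(stock, market, event_idx=140)  # no event on this date
    for name, r in (("breach", breach), ("placebo", placebo)):
        print(f"{name}: beta={r['beta']:.2f} CAR={r['car']:+.2%} t={r['t_stat']:+.2f}")
```

Running the same function on a placebo date with no event is a quick sanity check that a large negative CAR is produced by the disclosure and not by the model fit.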


While we do not perform original data analysis, this framework guides our synthesis. Conceptually, we envision assembling daily stock return time series, market indices, and macro series (i.e. sector indexes or GDP proxies) to estimate breach effects. For volatility research, one could analogously compute abnormal stock volatility changes or bid-ask spread changes around the event. To quantify spillovers, a researcher can regress sectoral returns or macro variables (e.g. oil prices, consumer spending) on breach events and controls. Short of actual regressions, we summarize qualitative results from such conceptual exercises. Finally, we use a case-study approach for SolarWinds and Colonial Pipeline: for each, we collect event timelines and post-mortem reports to narrate market and policy outcomes.

ANALYSIS AND DISCUSSION

A. Abnormal Returns and Volatility

The literature shows that cyber breach announcements typically trigger negative abnormal returns and heightened volatility for the breached firms. For instance, Tosun (2021) finds that disclosure of first-time corporate hacking events leads to “daily excess returns drop, trading volume increases due to selling pressure, and liquidity improves.” These sharp moves reflect investor attention and fear upon learning of a security failure. Other studies corroborate this pattern: target firms’ stock prices fall significantly more than non-target peers in the days following an incident. For example, a conceptual illustration of abnormal returns might show the CAR falling several percent by day +1 (Table 1, below). This negative CAR is typically concentrated on day 0 or +1, with partial rebound thereafter.

| Day relative to event | –2 | –1 | 0 (announcement) | +1 | +2 | CAR |
|---|---|---|---|---|---|---|
| Abnormal Return (%) | +0.2 | –0.5 | –4.0 | –1.0 | +0.3 | –5.0% |
| Cumulative AR (%) | +0.2 | –0.3 | –4.3 | –5.3 | –5.0 | |

Table 1: Conceptual abnormal returns for a sample firm around a breach. On the announcement day (t=0), the stock drops (–4.0% AR), resulting in a negative cumulative abnormal return (CAR) by day +2.

In tandem with price drops, volatility spikes are commonly observed. Breached firms tend to exhibit increased stock price variability immediately after disclosure. Corbet and Gurdgiev (2019) show that targeted firms are “punished significantly in the form of stock market volatility” following cybercrime events. Elevated volatility often accompanies higher trading volume and rapid sell orders, as frightened shareholders offload positions. Notably, event-study analyses report that in many cases the statistically significant price decline emerges by the next trading day rather than pre-announcement, suggesting markets do not price in leaks significantly before disclosure.

Across studies, one finds that larger or more exposed firms suffer larger shocks. Tosun’s sample and difference-in-differences analysis indicates that firms with higher leverage, Tobin’s Q, or profitability see larger negative returns and greater sell pressure when hacked. This heterogeneity implies that market participants scale the loss to firm fundamentals, perhaps because big firms have more to lose from reputational damage. In summary, the weight of evidence is that cyber breaches cause transitory but economically meaningful declines in firm value and jumps in volatility.

B. Case Studies: SolarWinds and Colonial Pipeline

SolarWinds (Dec 2020):

The SolarWinds hack was a supply-chain cyberattack disclosed on December 14, 2020. The hackers inserted malware into SolarWinds' Orion network-management software, which was in wide use by United States government agencies and commercial firms. Following FireEye's disclosure of a broader intrusion, SolarWinds publicly confirmed its software updates were compromised. Investors reacted sharply: SolarWinds stock "has plunged roughly 22 percent" during the week after disclosure. (Table 2, below, compares chosen results for SolarWinds.) The breach also triggered inquiries into insider trading (because of widespread pre-announcement sales by major investors) and a precedent-setting SEC enforcement action. In October 2023 the SEC accused SolarWinds and its CISO of having made false statements to investors about cybersecurity practices, though a court later dismissed most of these fraud claims. In response, SolarWinds agreed in 2022 to settle (approximately $26 million) with shareholders over the hack's impacts. Beyond firm-level indicators, the SolarWinds hack called software supply-chain security into question, and U.S. and global agencies have since tightened software security standards (e.g. new Executive Order 14028 on software supply-chain security).

Colonial Pipeline (May 2021):

The Colonial Pipeline cyberattack was a ransomware attack made public on May 7, 2021. DarkSide hackers with Russian ties encrypted Colonial's billing systems, prompting the company to close its pipeline as a precautionary measure. The shutdown (which lasted six days) resulted in extensive gasoline shortages and panic buying on the U.S. East Coast. Fuel prices spiked: U.S. gasoline averaged $3.04/gal on May 18 (a six-year peak). Though Colonial itself was private, market impacts appeared in energy markets: U.S. gasoline and diesel futures jumped (~10–15%) shortly following the attack. Unlike SolarWinds, the impact appeared in consumer costs and logistics rather than tech stocks. The federal government moved swiftly: President Biden declared a state of emergency, and on May 12 signed EO 14028 to improve cyber defense and incident response for critical infrastructure. Colonial paid a $4.4 million ransom (in Bitcoin) to restart operations (though the decryption tool was slow). Regulators and Congress subsequently took up stricter cyber requirements for utilities and pipelines. Table 2 summarizes and contrasts the findings of the two cases.

CONCLUSION

This article explained the influence of large cyber events on financial markets and economic stability. We learn from the event-study literature that announcements of breaches uniformly prompt immediate negative abnormal returns and higher volatility for breached firms, as investors are concerned with reputational damage, business disruption, and future liability. Sector- and macro-level effects are sometimes weaker but still significant in most cases. For instance, the May 2021 Colonial Pipeline ransomware attack caused sudden U.S. energy market disruption with shortages of gasoline, increased prices, and swift government intervention. These incidents illustrate how cyber threats can ripple through critical infrastructure into tangible economic effects.

Regulatory responses are thus evolving. Governments around the world, for example through the U.S. Securities and Exchange Commission and the European Union's NIS Directive, have introduced more stringent disclosure and resilience requirements to harden the financial system against cyber threats. These initiatives aim to tackle not only technical exposures but also the confidence channel through which cyber incidents might erode trust in institutions and markets.

In response to these trends, regulators should embed cybersecurity more fundamentally within the foundations of financial regulation. This means mandating timely and frequent reporting of incursions, incentivizing cyber insurance uptake, and embedding cyber risk scenarios into systemic risk simulations and stress tests. At the firm level, investment in cybersecurity hygiene, worker education, and board-level governance remains essential to reducing both the probability and the impact of incursions. Follow-up research must advance the empirical frontier further by linking breach events to macro measures such as GDP growth, interest rate differentials, or investment flows, and then examining cross-country and industry heterogeneity in cyber spillovers. Through the integration of firm-level event-study evidence and macroprudential analysis, both researchers and practitioners are well placed to forecast and prevent the financial impacts of future high-profile cyberattacks.

References:

1. IMF. (2024, March 12). Cyber Risk and the Financial System: Resilience in a Digital Era. Retrieved from https://www.imf.org/en/Publications/WP/Issues/2024/03/12/cyber-risk-digital-era

2. World Economic Forum. (2024, January 18). Global Cybersecurity Outlook 2024. Retrieved from https://www.weforum.org/reports/global-cybersecurity-outlook-2024

3. Harvard Business Review. (2023, October 9). How Cyberattacks Hit Corporate Value. Retrieved from https://hbr.org/2023/10/how-cyberattacks-hit-corporate-value

4. European Systemic Risk Board. (2023, September 25). Systemic Cyber Risk and Financial Stability. Retrieved from https://www.esrb.europa.eu/pub/pdf/reports/esrb.systemiccyberrisk.2023

5. El País. (2025, February 25). El uso de la inteligencia artificial abre brecha entre las grandes y las pequeñas empresas. Retrieved from https://elpais.com/economia/2025-02-25/el-uso-de-la-inteligencia-artificial-abre-brecha-entre-las-grandes-y-las-pequenas-empresas.html

6. European Commission. (2023, October 10). NIS2 Directive: Stronger Cybersecurity for Europe. Retrieved from https://digital-strategy.ec.europa.eu/en/policies/nis2-directive

7. U.S. Securities and Exchange Commission. (2023, July 26). SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Retrieved from https://www.sec.gov/news/press-release/2023-139
