Does Ransomware Make Investors “WannaCry”? On Investors’ Divergent Reactions to Ransomware Hits and Near Misses

Authors: Schuetz, Sebastian W.; Chen, Yan; Forderer, Jens; Ma, Yusi

Journal: MIS Quarterly (2025)

DOI: 10.25300/misq/2024/18509

<jats:p>In recent years, ransomware has become one of the most dangerous cyber threats, with successful attacks causing severe operational disruptions and staggering damages. Rationally speaking, investors should react negatively to firms’ ransomware disclosures, but this may not always be the case. Based on norm theory, we describe a paradoxical phenomenon wherein investors exhibit negative reactions to ransomware hits (i.e., events that led to operational disruptions) but positive reactions to near misses (i.e., events in which operational disruptions were narrowly avoided). The positive reactions occur due to an outcome bias in which near-miss events—events that are objectively negative but less severe than expected—are viewed positively instead of negatively. We tested these predictions by reporting on an investigation of stock market reactions to disclosures of ransomware hits vs. near misses. To do so, we assembled a comprehensive dataset of ransomware incidents disclosed by U.S. public firms. Using the event study method, we estimated abnormal stock market returns and found evidence in support of our predictions. First, in line with expectations, ransomware hits that led to…

View in Otero