資訊科技的進步與發展改變了企業的營運模式也創造了企業的新獲利模式。然而，企業也面臨了保護資訊安全的威脅與挑戰。2016年我國銀行業ATM盜領事件以及2017年勒索病毒的攻擊，震驚全臺灣。駭客入侵、個資外洩頻繁登上媒體版面，也讓臺灣企業及政府不得不開始重視資訊安全。本研究蒐集2006年至2017年臺灣資訊安全事件，分析其對臺灣上市櫃企業市場績效及會計績效之影響。本研究實證結果發現：在市場績效方面，考量媒體報導的因素後，有報導或報導長度大於三天且發生資訊安全事件的公司相對於沒有發生資訊安全事件的配對公司短期累積異常報酬顯著較低。而在會計績效方面，發生資訊安全事件的公司相對於沒有發生資訊安全事件的配對公司當年以及次年資產報酬率(ROA)顯著較低。因此，本研究認為資訊安全事件確實為臺灣企業產生負面之影響，本研究期望臺灣企業能正視資訊安全的重要性，投入資訊安全維護。

The advance and development of information technology has changed the business model of the company and also created a new profit model for the company. However, companies also face the threat and challenge of protecting information security. In 2016, the bank’s ATM theft in Taiwan and the Ransomware Attacks in 2017 shocked Taiwan. As we saw considerable news about Hacker invasions and data losses recently, Taiwanese companies and governments have started paying attention to information security. This study collects information security breaches in Taiwan from 2006 to 2017, and analyzes its impact on market performance and accounting performance of Taiwan listed companies. The empirical results of this study show that: in terms of market performance, considering the factor of media coverage, if the information security breaches were reported or reported more than three days, the company's short-term cumulative abnormal returns relative to those without information security incidents are significantly lower. In terms of accounting performance, the return on assets (ROA) of the companies that have information security breaches are significantly lower in the current and following year than the companies that do not have information security breaches. Therefore, this study believes that information security breaches do have a negative impact on Taiwanese companies. This study hopes that Taiwanese companies can put emphasis on the importance of information security and invest in information security maintenance.

李震華、沈怡華、翁偉修、高昶易、陳凱迪、董奕君、劉家委與謝耀方，2017，全球資訊安全產業發展趨勢研究，資策會產業情報研究所。
沈中華與李建然，2000， 事件研究法：財務與會計實證研究必備，華泰文化。
陳立昕，2017，資訊安全事件對股東財富之影響，碩士論文，中國文化大學財務金融學系。
陳振楠、林永修與王瑞祥，2013，資訊安全與法律特訓教材，碁峰出版。
潘天佑，2012，資訊安全概論與實務，第三版，碁峰出版。
蕭伯毅，2014，資訊安全事件之市場反應，碩士論文，國立東華大學會計與財務碩士學位學程。
Acquisti, A., Friedman, A., & Telang, R. 2006. Is there a cost to privacy breaches? An event study. ICIS 2006 Proceedings：94.
Arcuri, M. C., Brogi, M., & Gandolfi, G. 2014. The effect of information security breaches on stock returns: Is the cyber crime a threat to firms? In European Financial Management Meeting.
Aytes, K., Byers, S., & Santhanakrishnan, M. 2006. The Economic Impact of Information Security Breaches: Firm Value and Intra-industry Effects. AMCIS 2006 Proceedings.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. 2010. Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3)：523-548.
Campbell, K., Gordon, L. A., Loeb, M. P., Zhou, L. 2003. The economic cost of publicly announced information security breaches: empirical evidence from the stock market. Journal of Computer Security, 11(3)：431-448.
Cardenas, J., Coronado, A., Donald, A., Parra, F., & Mahmood, M. A. 2012. The economic impact of security breaches on publicly traded corporations: An empirical investigation. AMCIS 2012 Proceedings. Paper 7.
Cavusoglu, H., Mishra, B., Raghunathan, S. 2004. The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1)：70-104.
Chai, S., Kim, M., & Rao, H. R. 2011. Firms' information security investment decisions: Stock market evidence of investors' behavior. Decision Support Systems, 50(4)：651-661.
Coronado, A. S. 2012. Market reactions to publicly announced privacy and security breaches suffered by companies listed on the United States stock exchanges: A comparative empirical investigation. The University of Texas at El Paso. Retrieved from https://search.proquest.com/docview/1294260263?accountid=12690
Crews, C. W., & Oberwetter, B. 2006. Preventing Identity Theft and Data Security Breaches: The Problem With Regulation. Retrieved from http://www.cei.org/pdf/5316.pdf
Das, S., Mukhopadhyay, A., & Anand, M. 2012. Stock market response to information security breach: A study using firm and attack characteristics. Journal of Information Privacy and Security, 8(4), 27-55.
Doherty, N. F., & Fulford, H. 2005. Do information security policies reduce the incidence of security breaches: an exploratory analysis. Information Resources Management Journal, 18(4)：21.
Fama, E. F., Fisher, L., Jensen, M. C., & Roll, R. 1969. The adjustment of stock prices to new information. International Economic Review, 10(1)：1-21.
Garg, A., Curtis, J., & Halper, H. 2003. Quantifying the financial impact of IT security breaches. Information Management & Computer Security, 11(2)：74-83.
Gatzlaff, K. M., & McCullough, K. A. 2010. The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13(1)：61-83.
Goel, S.,Shawky, H. A. 2009. Estimating the market impact of security breach announcements on firm values. Information & Management, 46(7)：404-410.
Gordon, L. A., Loeb, M. P., & Zhou, L. 2011. The impact of information security breaches: Has there been a downward shift in costs?. Journal of Computer Security, 19(1)：33-56.
Hovav, A., & D'Arcy, J. 2004. The impact of virus attack announcements on the market value of firms. Information Systems Security, 13(3)：32-40.
Hovav, A., Han, J., & Kim, J. 2017. Market Reaction to Security Breach Announcements: Evidence from South Korea. ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 48(1)：11-52.
Hsu, C., Wang, T., & Lu, A. 2016. The Impact of ISO 27001 Certification on Firm Performance. In System Sciences (HICSS), 2016 49th Hawaii International Conference.
Hu, Q., Dinev, T., Hart, P., & Cooke, D. 2012. Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4)：615-660.
Ishiguro, M., Tanaka, H., Matsuura, K., & Murase, I. 2006. The effect of information security incidents on corporate values in the Japanese stock market. In International Workshop on the Economics of Securing the Information Infrastructure (WESII).
Jensen, M. C., & Meckling, W. H. 1976. Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Economics, 3(4)：305-360.
Kannan, K., Rees, J., Sridhar, S. 2007. Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1)： 69-91.
Keats, B. W., & Hitt, M. A. 1988. A causal model of linkages among environmental dimensions, macro organizational characteristics, and performance. Academy of Management Journal, 31(3)：570-598.
Ko, M., & Dorantes, C. 2006. The impact of information security breaches on financial performance of the breached firms: an empirical investigation. Journal of Information Technology Management, 17(2)：13-22.
Malhotra, A., & Kubowicz Malhotra, C. 2011. Evaluating customer information breaches as service failures: An event study approach. Journal of Service Research, 14(1)：44-59.
Mithas, S., Tafti, A., Bardhan, I., & Goh, J. M. 2012. Information technology and firm profitability: mechanisms and empirical evidence. MIS Quarterly：205-224.
Modi, S. B., Wiles, M. A., & Mishra, S. 2015. Shareholder value implications of service failures in triads: The case of customer information security breaches. Journal of Operations Management, 35：21-39.
Morse, E. A., Raval, V., & Wingender Jr, J. R. 2011. Market price effects of data security breaches. Information Security Journal: A Global Perspective, 20(6)：263-273.
Paul Bischoff, 2017, How data breaches affect stock market share prices, Comparitech. Retrieved from https://www.comparitech.com/blog/information-security/data-breach-share-price/#gref
Pirounias, S., Mermigas, D., & Patsakis, C. 2014. The relation between information security events and firm market value, empirical evidence on recent disclosures: An extension of the GLZ study. Journal of Information Security and Applications, 19(4-5)：257-271.
Ponemon Institute, 2016, 2016 Cost of Data Breach Study: Global Analysis, Ponemon Institute LLC.
Ponemon Institute, 2017, 2017 Cost of Data Breach Study: Global Overview, Ponemon Institute LLC.
Ponemon Institute, 2017, The Impact of Data Breaches on Reputation & Share Value, Ponemon Institute LLC.
Ranganathan, C., & Brown, C. V. 2006. ERP investments and the market value of firms: Toward an understanding of influential ERP project variables. Information Systems Research, 17(2)：145-161.
Romanosky, S., Telang, R., & Acquisti, A. 2011. Do data breach disclosure laws reduce identity theft?. Journal of Policy Analysis and Management, 30(2)：256-286.
Rosenbaum, P. R., & Rubin, D. B. 1983. The central role of the propensity score in observational studies for causal effects. Biometrika, 70(1)：41-55.
Son, I., Lee, D., Lee, J. N., & Chang, Y. B. 2011. Understanding The Impact Of IT Service Innovation On Firm Performance: The Case Of Cloud Computing. In Proceedings of the PACIS.
Sonnenschein, R., Loske, A., & Buxmann, P. 2017. The Role of Top Managers’ IT Security Awareness in Organizational IT Security Management. Retrieved from https://aisel.aisnet.org/icis2017/Security/Presentations/13/
Spanos, G., & Angelis, L. 2016. The impact of information security events to the stock market: A systematic literature review. Computers & Security, 58：216-229.
Yayla, A. A., & Hu, Q. 2011. The impact of information security events on the stock value of firms: The effect of contingency factors. Journal of Information Technology, 26(1)： 60-77.
Zafar, H., Ko, M., & Osei-Bryson, K. M. 2012. Financial impact of information security breaches on breached firms and their non-breached competitors. Information Resources Management Journal (IRMJ), 25(1)：21-37.
ZIdafamor, E. 2015. The Economic and Organizational Impacts of IT Security Breaches. Retrieved from https://www.researchgate.net/profile/Emmanuel_Zidafamor/publication/283578988_The_Economic_and_Organizational_Impacts_of_IT_Security_Breaches/links/5640c6cb08aec448fa60098c/The-Economic-and-Organizational-Impacts-of-IT-Security-Breaches.p