Cybersecurity

Cyber risk and the cross-section of stock returns (with D. Celeny)

We extract firms’ cyber risk with a machine learning algorithm measuring the proximity between their disclosures and a dedicated cyber corpus. Our approach outperforms dictionary methods, uses full disclosure and not devoted-only sections, and generates a cyber risk measure uncorrelated with other firms’ characteristics. We find that a portfolio of US-listed stocks in the high cyber risk quantile generates an excess return of 18.72% p.a. Moreover, a long-short cyber risk portfolio has a significant and positive risk premium of 6.

Empirical evidence from an event study on the determinants of cyberattack costs (with D. Celeny, E. Rousselot, A. Mermoud, and M. Humbert)

Along with the increasing frequency and severity of cyber incidents, understanding their economic implications is paramount. In this context, listed firms’ reactions to cyber incidents are compelling to study since they (i) are a good proxy to estimate the costs borne by other organizations, (ii) have a critical position in the economy, and (iii) have their financial information publicly available. We extract listed firms’ cyber incident dates and characteristics from newswire headlines.

TechRank (with A. Mezzetti et al.)

This article introduces TechRank, a recursive algorithm based on a bipartite graph with weighted nodes that the authors developed to link companies and technologies based on the reflection method. They allow the algorithm to incorporate exogenous variables that reflect an investor’s preferences and calibrate the algorithm in the cybersecurity sector. First, their results help estimate each entity’s influence and explain companies’ and technologies’ ranking. Second, the results provide investors with an optimal quantitative ranking of technologies and thus help them design their optimal portfolio.

The new risk and return of venture capital investments (with F. Burguet and A. Mermoud)

n this paper, the authors estimate the risk and return of venture capital investments with selection bias correction. They use an up-to-date dataset and enhance it to account for missing valuations using machine learning. They infer, with a median error of less than 4%, the true log value of the firm for a total of nearly 120,000 observations from 2010 to 2022. They find an annualized expected return of around 38%, an annualized CAPM alpha of 32.

The performance of cybersecurity investments (with D. Percia David, A. Mermoud, and M. Humbert)

Early-stage firms play a significant role in driving innovation and creating new products and services, especially for cybersecurity. Therefore, evaluating their performance is crucial for investors and policymakers. This work presents a financial evaluation of early-stage firms’ performance in 19 cybersecurity sectors using a private-equity dataset from 2010 to 2022 retrieved from Crunchbase. We observe firms, their primary and secondary activities, funding rounds, and pre and post-money valuations. We compare cybersecurity sectors regarding the amount raised over funding rounds and post-money valuations while inferring missing observations.

Measuring security development in information technologies (with D. Percia David, W. Lacube, S. Gillard, T. Maillart, A. Mermoud, and M. Tsesmelis)

We study security-development patterns in computer-science technologies through (i) the security attention among technologies, (ii) the relation between technological change and security development, and (iii) the effect of opinion on security development. We perform a scientometric analysis on arXiv e-prints (𝑛 = 340,569) related to 20 computer-science technology categories. Our contribution is threefold. First, we characterize both processes of technological change and security development: while most technologies follow a logistic-growth process, the security development follows an AR(1) process or a random walk with positive drift.