Heartbleed bugHeartbleed bug: insider trading may have taken place as shares slid ahead of breaking story
Here is a puzzle for you. Why did shares in Yahoo! slide by nearly 10 percent in the days before Heartbleed was announced and then recover after the main news items broke? It has long been the case that security vulnerabilities can have a negative effect on the public’s perception of tech companies and the value of their stock. All chief executives need to understand this and take action to reduce the exposure and associated risks. The evidence suggests that in the Heartbleed case, there could have been some insider trading taking place in the days before the story became big news. In theory the companies should have announced the problem to the stock market as soon as they became aware, but this series of events probably illustrates the limits of the duty on companies to disclose: when matters of national security are at stake, the rules may not be so rigorously applied.
Here is a puzzle for you. Why did shares in Yahoo! slide by nearly 10 percent in the days before Heartbleed was announced and then recover after the main news items broke?
It has long been the case that security vulnerabilities can have a negative effect on the public’s perception of tech companies and the value of their stock. All chief executives need to understand this and take action to reduce the exposure and associated risks.
It happened with Sony three years ago, for example, with an outage on their PlayStation network. This lasted more than a week, resulting in a share price drop of 8 percent. It affected both consumers and developers, causing major embarrassment for the company.
I have analyzed how the recent Heartbleed bug affected certain major tech companies. Yahoo! was widely reported to have been hit hard by Heartbleed and to have leaked user information. Amazon had more to lose than most major companies from a dip in consumer confidence related to electronic commerce. Also included in the analysis were HP, Dell, Google, AOL, and Microsoft.
A chart showing the stock price of these companies over the time of the Heartbleed vulnerability, shows that there are two dips, which can be explained by three main phases.
Day zero minus two
The first phase related to the technical release of information about the vulnerability. The first major news release was on April 7 with the stark message: “We are doomed.”
We can see that the full dip happened that day, taking these companies’ stock prices down between 3 percent and 10 percent. But the slide had been happening for a few days, having started on the previous Thursday. This may have been due to information being disseminated to the major companies, most likely from the security authorities before the rest of the world knew about it.
This would have been intended to give the major companies a day or two to get their systems ready for the so-called day zero threat, where it would be an open season in terms of intruders probing systems.
