We present two methodologies that adapt the event study from research in finance and economics to study the impact of enforcement on information security attacks. One uses linear regression with the number of attacks as the dependent variable and indicators of enforcement events as independent variables. The other measures the impact of enforcement by the difference between the actual and predicted number of attacks. We find limited evidence that domestic enforcement deters attacks within the country. However, we find compelling evidence of a displacement effect: U.S. enforcement substantially increases attacks originating from other countries. Our findings are robust to differences in the effective time window of enforcement.