TY - JOUR
T1 - Corporate Social Irresponsibility and the Occurrence of Data Breaches
T2 - A Stakeholder Management Perspective
AU - Rezaee, Zabihollah
AU - Zhou, Gaoguang
AU - Bu, Luofan Luther
N1 - We gratefully acknowledge the financial support provided by the National Natural Science Foundation of China (Grant No. 71802199), the Ford Foundation (#134371 and #139746) and the Research Matching Grant Scheme of the Research Grant Council of the HKSAR Government.
Publisher Copyright:
© 2024 Elsevier Inc.
PY - 2024/6
Y1 - 2024/6
N2 - Ever-increasing data breach incidents are destroying firms’ operations and financial sustainability. We examine the association between corporate social irresponsibility (CSIR) and data breach incidents, stock market reactions to these incidents, and how the affected firms respond to data breaches. Using a sample of 24,456 observations from 2005 to 2018, we find a positive and significant association between CSIR and the occurrence of data breaches. More importantly, CSIR, regarding employee, community, and corporate governance issues, is more likely to result in internal data breaches, and environmental concerns can trigger external attacks. In contrast, product concerns can lead to both internal breaches and external attacks. Consistent with our prediction, the negative stock market reaction to data breaches is more pronounced in CSIR than in non-CSIR firms. Finally, we show that firms respond to data breaches by establishing corporate social responsibility (CSR) committees. Firms with such committees, especially those with robust CSR committees, are more likely to react to data breaches by mitigating CSIR. Our results offer important and timely policy, practice, and research implications as data breaches persist.
AB - Ever-increasing data breach incidents are destroying firms’ operations and financial sustainability. We examine the association between corporate social irresponsibility (CSIR) and data breach incidents, stock market reactions to these incidents, and how the affected firms respond to data breaches. Using a sample of 24,456 observations from 2005 to 2018, we find a positive and significant association between CSIR and the occurrence of data breaches. More importantly, CSIR, regarding employee, community, and corporate governance issues, is more likely to result in internal data breaches, and environmental concerns can trigger external attacks. In contrast, product concerns can lead to both internal breaches and external attacks. Consistent with our prediction, the negative stock market reaction to data breaches is more pronounced in CSIR than in non-CSIR firms. Finally, we show that firms respond to data breaches by establishing corporate social responsibility (CSR) committees. Firms with such committees, especially those with robust CSR committees, are more likely to react to data breaches by mitigating CSIR. Our results offer important and timely policy, practice, and research implications as data breaches persist.
KW - Corporate Social Irresponsibility
KW - Cyberattack
KW - Cybersecurity
KW - Data Breach
KW - IT Governance
KW - Stakeholder Management
UR - http://www.scopus.com/inward/record.url?scp=85188172934&partnerID=8YFLogxK
U2 - 10.1016/j.accinf.2024.100677
DO - 10.1016/j.accinf.2024.100677
M3 - Journal article
SN - 1467-0895
VL - 53
JO - International Journal of Accounting Information Systems
JF - International Journal of Accounting Information Systems
M1 - 100677
ER -