Corporate Social Irresponsibility and the Occurrence of Data Breaches: A Stakeholder Management Perspective

Zabihollah Rezaee, Gaoguang Zhou*, Luofan Luther Bu

*Corresponding author for this work

Research output: Contribution to journalJournal articlepeer-review


Ever-increasing data breach incidents are destroying firms’ operations and financial sustainability. We examine the association between corporate social irresponsibility (CSIR) and data breach incidents, stock market reactions to these incidents, and how the affected firms respond to data breaches. Using a sample of 24,456 observations from 2005 to 2018, we find a positive and significant association between CSIR and the occurrence of data breaches. More importantly, CSIR, regarding employee, community, and corporate governance issues, is more likely to result in internal data breaches, and environmental concerns can trigger external attacks. In contrast, product concerns can lead to both internal breaches and external attacks. Consistent with our prediction, the negative stock market reaction to data breaches is more pronounced in CSIR than in non-CSIR firms. Finally, we show that firms respond to data breaches by establishing corporate social responsibility (CSR) committees. Firms with such committees, especially those with robust CSR committees, are more likely to react to data breaches by mitigating CSIR. Our results offer important and timely policy, practice, and research implications as data breaches persist.
Original languageEnglish
Article number100677
Number of pages20
JournalInternational Journal of Accounting Information Systems
Early online date12 Mar 2024
Publication statusE-pub ahead of print - 12 Mar 2024

Scopus Subject Areas

  • Information Systems and Management
  • Accounting
  • Management Information Systems
  • Finance

User-Defined Keywords

  • Corporate Social Irresponsibility
  • Cyberattack
  • Cybersecurity
  • Data Breach
  • IT Governance
  • Stakeholder Management


Dive into the research topics of 'Corporate Social Irresponsibility and the Occurrence of Data Breaches: A Stakeholder Management Perspective'. Together they form a unique fingerprint.

Cite this