Data Breach Disclosure Laws and Social Responsibility Initiatives

Yanlei Zhang*

*Corresponding author af dette arbejde

Publikation: Bidrag til tidsskriftTidsskriftartikelForskningpeer review

Abstract

The research problem:
This study investigated how firms employ corporate social responsibility (CSR) as a precautionary strategy in response to heightened concerns about cybersecurity following the adoption of data breach disclosure laws in the United States.

Motivation:
CSR has garnered substantial attention in contemporary society. Simultaneously, the last few decades have witnessed a rapid surge of the digital economy. However, it remains unclear how CSR is adapting to digitalization. In this study, I focused on cybersecurity, a pivotal challenge in the digital age.

Theoretical reasoning:
The enactment of data breach disclosure laws enhances the reporting of cybersecurity incidents and intensifies concerns about cybersecurity, promoting firms to take measures to mitigate the adverse impacts of data breaches. Building on the theory that CSR functions like an insurance policy, I hypothesized that firms increase their engagement in CSR to fortify their reputation after the enactment of data breach disclosure laws, helping cushion the potential impact of future breaches.

Analyses:
The main analysis employed a difference-in-differences research design to compare the changes in CSR engagement between firms with high and low levels of cybersecurity risk following the enactment of data breach disclosure laws in the United States. Cross-sectional analyses delved into the underlying mechanisms. Additional analyses first explored the role of CSR in mitigating stock price decline and then illustrated reputational concerns after data breaches.

Findings:
The main analysis showed that firms with high cybersecurity risk increase their CSR engagement to a greater extent following the adoption of data breach disclosure laws. CSR initiatives are particularly pronounced for firms likely to incur significant losses from data breaches, aligning with the theoretical framework and offering insight into the underlying mechanisms. I also found that firms with fewer financial constraints exhibit stronger CSR initiatives. Furthermore, these CSR initiatives are distinct and cannot be substituted by investments in information technology. The additional analysis illustrates that firms with superior CSR performance undergo a smaller stock price decline surrounding data breach announcements. This supports the notion that CSR functions much like insurance, shielding against the impacts of data breaches. Subsequently, this study presents direct evidence on firms’ concerns regarding the reputational impact of cybersecurity. Overall, this study underscores cybersecurity concerns as a driving force behind social responsibility initiatives in this digital era.

Target population:
This research holds significance for policymakers worldwide who are considering cybersecurity-related regulations and for firms seeking effective risk management strategies in the face of cybersecurity challenges.
OriginalsprogEngelsk
Artikelnummer2440003
TidsskriftThe International Journal of Accounting
Antal sider41
ISSN1094-4060
DOI
StatusUdgivet - 12 dec. 2024

Bibliografisk note

Epub ahead of print. Published online: 12 December 2024.

Emneord

  • CSR
  • ESG
  • Digitalization
  • Cybersecurity
  • Data breaches

Citationsformater