Corporate social irresponsibility and the occurrence of data breaches: A stakeholder management perspective

Abstract

Ever-increasing data breach incidents are destroying firms’ operations and financial sustainability. We examine the association between corporate social irresponsibility (CSIR) and data breach incidents, stock market reactions to these incidents, and how the affected firms respond to data breaches. Using a sample of 24,456 observations from 2005 to 2018, we find a positive and significant association between CSIR and the occurrence of data breaches. More importantly, CSIR, regarding employee, community, and corporate governance issues, is more likely to result in internal data breaches, and environmental concerns can trigger external attacks. In contrast, product concerns can lead to both internal breaches and external attacks. Consistent with our prediction, the negative stock market reaction to data breaches is more pronounced in CSIR than in non-CSIR firms. Finally, we show that firms respond to data breaches by establishing corporate social responsibility (CSR) committees. Firms with such committees, especially those with robust CSR committees, are more likely to react to data breaches by mitigating CSIR. Our results offer important and timely policy, practice, and research implications as data breaches persist.