Abstract
Synopsis The research problem This study investigated how firms employ corporate social responsibility (CSR) as a precautionary strategy in response to heightened concerns about cybersecurity following the adoption of data breach disclosure laws in the United States. Motivation CSR has garnered substantial attention in contemporary society. Simultaneously, the last few decades have witnessed a rapid surge of the digital economy. However, it remains unclear how CSR is adapting to digitalization. In this study, I focused on cybersecurity, a pivotal challenge in the digital age. Theoretical reasoning The enactment of data breach disclosure laws enhances the reporting of cybersecurity incidents and intensifies concerns about cybersecurity, promoting firms to take measures to mitigate the adverse impacts of data breaches. Building on the theory that CSR functions like an insurance policy, I hypothesized that firms increase their engagement in CSR to fortify their reputation after the enactment of data breach disclosure laws, helping cushion the potential impact of future breaches. Analyses The main analysis employed a difference-in-differences research design to compare the changes in CSR engagement between firms with high and low levels of cybersecurity risk following the enactment of data breach disclosure laws in the United States. Cross-sectional analyses delved into the underlying mechanisms. Additional analyses first explored the role of CSR in mitigating stock price decline and then illustrated reputational concerns after data breaches. Findings The main analysis showed that firms with high cybersecurity risk increase their CSR engagement to a greater extent following the adoption of data breach disclosure laws. CSR initiatives are particularly pronounced for firms likely to incur significant losses from data breaches, aligning with the theoretical framework and offering insight into the underlying mechanisms. I also found that firms with fewer financial constraints exhibit stronger CSR initiatives. Furthermore, these CSR initiatives are distinct and cannot be substituted by investments in information technology. The additional analysis illustrates that firms with superior CSR performance undergo a smaller stock price decline surrounding data breach announcements. This supports the notion that CSR functions much like insurance, shielding against the impacts of data breaches. Subsequently, this study presents direct evidence on firms’ concerns regarding the reputational impact of cybersecurity. Overall, this study underscores cybersecurity concerns as a driving force behind social responsibility initiatives in this digital era. Target population This research holds significance for policymakers worldwide who are considering cybersecurity-related regulations and for firms seeking effective risk management strategies in the face of cybersecurity challenges.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call