Firm diversity and data breach risk: A longitudinal study

Abstract

Research has extensively investigated the rationale of firm diversity from the economic perspective, but little is known about how such a strategy may affect information security. The present study is the first to examine how firm diversity is relevant to firms’ likelihood to experience data breaches (i.e., data breach risk). Drawing from the strands of literature on information security, diversification, and resource-based view, we propose hypotheses on the relationship between firm diversity and data breach risk, as well as the boundary conditions of this relationship. On the basis of a twelve-year sample of publicly-listed firms, our analysis provides evidence to support the negative association between firm diversity and data breach risk. Our analysis also delineates conditions under which the effects of firm diversity can intervene to reduce the data breach risk invoked, such as under related diversity and when managers are managerially capable. For academics, our research accentuates an intriguing but unexamined benefit of firm diversity because it relates to information security. For practicing professionals, this research highlights the significant impact of firms’ operational structure on information security.