The Role of Peer Events in Corporate Governance: Evidence from Data Breaches

Abstract

ABSTRACTEconomic theory suggests that negative peer events can result in market-wide spillovers that help unaffected firms take real actions to enhance corporate governance. Motivated by the SEC's concern about cybersecurity, I study the role of peer events in corporate governance using the setting of data breaches. While controlling for firm-specific time-varying unobservable characteristics, I find that peer data breaches are associated with a reduction in future internal control material weaknesses for non-breached firms. The association is robust to a changes analysis and varies cross-sectionally with breach, firm, and board characteristics. Inferences remain consistent when studying IT-related material weaknesses only. Finally, non-breached firms are more likely to have a cybersecurity expert on the top management team after a peer breach. My findings have important implications for mandatory disclosure regulation in general and, in particular, suggest that regulators can help reduce market-wide exposure to cyber risk by facilitating disclosure of cyber incidents.Data Availability: All data used in the study are publicly available.JEL Classifications: G34; M15.