IDEAS home Printed from https://ideas.repec.org/a/eee/ijoais/v49y2023ics1467089523000088.html
   My bibliography  Save this article

Cybersecurity breaches and investors’ interest in the firm as an investment

Author

Listed:
  • Demek, Kristina C.
  • Kaplan, Steven E.

Abstract

Cybersecurity breaches pose a significant risk to firms. To combat these risks, many firms engage in strategic cybersecurity risk management initiatives. While these efforts may reduce the likelihood of a cybersecurity breach, they do not eliminate the risk of a breach. In the event of a cybersecurity breach, firms may issue an apology to investors. This study uses an experiment to examine whether a firm indicates cybersecurity risk management is a strategic initiative and whether a post-cybersecurity breach apology by the CEO impacts nonprofessional investors’ investment interest in the firm. Results show that, in response to a cybersecurity breach, the presence of a CEO apology positively impacts investors’ investment impression and their perceptions of CEO affective and CEO cognitive trust. We find that investors’ investment interest is lowest for a firm that previously indicates cybersecurity risk management is a strategic initiative and where the CEO does not issue an apology. The CEO apology, however, does not significantly impact investment amount, a secondary measure of investor interest. Results from this study have implications for managers, investors, and regulators.

Suggested Citation

  • Demek, Kristina C. & Kaplan, Steven E., 2023. "Cybersecurity breaches and investors’ interest in the firm as an investment," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
  • Handle: RePEc:eee:ijoais:v:49:y:2023:i:c:s1467089523000088
    DOI: 10.1016/j.accinf.2023.100616
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089523000088
    Download Restriction: Full text for ScienceDirect subscribers only

    File URL: https://libkey.io/10.1016/j.accinf.2023.100616?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Elliott, W.B. & Hodge, F. & Kennedy, J.J. & Pronk, M., 2007. "Are MBA students a good proxy for nonprofessional investors?," Other publications TiSEM 20271f1d-d385-4122-a175-f, Tilburg University, School of Economics and Management.
    2. Rosati, Pierangelo & Cummins, Mark & Deeney, Peter & Gogolin, Fabian & van der Werff, Lisa & Lynn, Theo, 2017. "The effect of data breach announcements beyond the stock price: Empirical evidence on market activity," International Review of Financial Analysis, Elsevier, vol. 49(C), pages 146-154.
    3. Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    4. repec:dar:wpaper:70422 is not listed on IDEAS
    5. Daryl Koehn & Maria Goranova, 2018. "Do Investors See Value in Ethically Sound CEO Apologies? Investigating Stock Market Reaction to CEO Apologies," Journal of Business Ethics, Springer, vol. 152(2), pages 311-322, October.
    6. Nicholas DiFonzo & Anthony Alongi & Paul Wiele, 2020. "Apology, Restitution, and Forgiveness After Psychological Contract Breach," Journal of Business Ethics, Springer, vol. 161(1), pages 53-69, January.
    7. Gao, Lei & Calderon, Thomas G. & Tang, Fengchun, 2020. "Public companies' cybersecurity risk disclosures," International Journal of Accounting Information Systems, Elsevier, vol. 38(C).
    8. Kaplan, Steven E. & Mauldin, Elaine G., 2008. "Auditor rotation and the appearance of independence: Evidence from non-professional investors," Journal of Accounting and Public Policy, Elsevier, vol. 27(2), pages 177-192.
    9. Brown, Hart S., 2016. "After the data breach: Managing the crisis and mitigating the impact," Journal of Business Continuity & Emergency Planning, Henry Stewart Publications, vol. 9(4), pages 317-328, June.
    10. Eli Amir & Shai Levi & Tsafrir Livne, 2018. "Do firms underreport information on cyber-attacks? Evidence from capital markets," Review of Accounting Studies, Springer, vol. 23(3), pages 1177-1206, September.
    11. Hinz, Oliver & Nofer, Michael & Schiereck, D. & Trillig, J., 2015. "The Influence of Data Theft on Share Prices and Systematic Risk of Consumer Electronics Companies," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 76072, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    12. Marie Racine & Craig Wilson & Michael Wynes, 2020. "The Value of Apology: How do Corporate Apologies Moderate the Stock Market Reaction to Non-Financial Corporate Crises?," Journal of Business Ethics, Springer, vol. 163(3), pages 485-505, May.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Pigola, Angélica & Da Costa, Priscila Rezende & Ferasso, Marcos & Cavalcanti da Silva, Luís Fabio, 2024. "Enhancing cybersecurity capability investments: Evidence from an experiment," Technology in Society, Elsevier, vol. 76(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Jing Chen & Elaine Henry & Xi Jiang, 2023. "Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach," Journal of Business Ethics, Springer, vol. 187(1), pages 199-224, September.
    2. Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
    3. Michael McShane & Trung Nguyen, 0. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-36.
    4. Syed Emad Azhar Ali & Fong-Woon Lai & Rohail Hassan & Muhammad Kashif Shad, 2021. "The Long-Run Impact of Information Security Breach Announcements on Investors’ Confidence: The Context of Efficient Market Hypothesis," Sustainability, MDPI, vol. 13(3), pages 1-27, January.
    5. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    6. Zhang, Yimei & Smith, Thomas, 2023. "The impact of customer firm data breaches on the audit fees of their suppliers," International Journal of Accounting Information Systems, Elsevier, vol. 50(C).
    7. Foster, Benjamin P. & McClain, Guy & Shastri, Trimbak, 2010. "Impact on pre-and post-sarbanes oxley users’ perceptions by incorporating the auditor’s fraud detection responsibility into the auditor’s internal control report," Research in Accounting Regulation, Elsevier, vol. 22(2), pages 107-113.
    8. Nadia Smaili & Camélia Radu & Amir Khalili, 2023. "Board effectiveness and cybersecurity disclosure," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 27(4), pages 1049-1071, December.
    9. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    10. Cao, Hung & Phan, Hieu V. & Silveri, Sabatino, 2024. "Data breach disclosures and stock price crash risk: Evidence from data breach notification laws," International Review of Financial Analysis, Elsevier, vol. 93(C).
    11. Fan, Sijia & Ge, Qi & Ho, Benjamin & Ma, Lirong, 2023. "Sorry Doesn't Cut It, or Does It? Insights from Stock Market Responses to Corporate Apologies," Journal of Economic Behavior & Organization, Elsevier, vol. 205(C), pages 68-86.
    12. Dana Turjeman & Fred M. Feinberg, 2024. "When the Data Are Out: Measuring Behavioral Changes Following a Data Breach," Marketing Science, INFORMS, vol. 43(2), pages 440-461, March.
    13. Lorenz Bohn & Dirk Schiereck, 2023. "Regulation of data breach publication: the case of US healthcare and the HITECH act," Journal of Economics and Finance, Springer;Academy of Economics and Finance, vol. 47(2), pages 386-399, June.
    14. Sylvie Héroux & Anne Fortin, 2024. "Board of directors’ attributes and aspects of cybersecurity disclosure," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 28(2), pages 359-404, June.
    15. Iyer, Subramanian R. & Simkins, Betty J. & Wang, Heng, 2020. "Cyberattacks and impact on bond valuation," Finance Research Letters, Elsevier, vol. 33(C).
    16. Lin, Zhaoxin & Sapp, Travis R.A. & Ulmer, Jackie Rees & Parsa, Rahul, 2020. "Insider trading ahead of cyber breach announcements," Journal of Financial Markets, Elsevier, vol. 50(C).
    17. Goodson, Brian M. & Grenier, Jonathan H. & Maksymov, Eldar, 2023. "When law students think like audit litigation attorneys: Implications for experimental research," Accounting, Organizations and Society, Elsevier, vol. 104(C).
    18. Chris Florakis & Christodoulos Louca & Roni Michaely & Michael Weber, 2020. "Cybersecurity Risk," Working Papers 2020-178, Becker Friedman Institute for Research In Economics.
    19. Gao, Lei & Calderon, Thomas G. & Tang, Fengchun, 2020. "Public companies' cybersecurity risk disclosures," International Journal of Accounting Information Systems, Elsevier, vol. 38(C).
    20. Elizabeth Almer & Audrey Gramling & Steven Kaplan, 2008. "Impact of Post-restatement Actions Taken by a Firm on Non-professional Investors’ Credibility Perceptions," Journal of Business Ethics, Springer, vol. 80(1), pages 61-76, June.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijoais:v:49:y:2023:i:c:s1467089523000088. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-accounting-information-systems/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.