Author ORCID Identifier
Shuili Du: 0000-0003-3936-4664
Kholekile L. Gwebu: 0000-0002-6472-6180
Jing Wang: 0009-0008-6677-2405
Kun Yu: 0000-0002-7666-4546
Abstract
This paper aims to identify breach- and firm-level characteristics that may account for the heterogenous stock market reaction to data breaches. Drawing upon the screening theory, this paper examines the possibility of three breach characteristics (breach severity, breach locus, and breach controllability) and two firm attributes (CEO stock ownership, and corporate social responsibility (CSR) performance) serving as information screens to influence stock market reaction to a data breach incident. Using an archival dataset compiled from multiple sources, we examine 607 data breaches from 2004 to 2018 and find that the stock market reacts more negatively if a breach is more severe (i.e., involving more data records and financially sensitive consumer data), controllable (i.e., could have been prevented), and if the breached firm has weak corporate governance, as indicated by low CEO stock ownership. Furthermore, CSR provides “insurance-like” protection by attenuating the negative effects of breach severity, breach controllability, and poor corporate governance on firm value. The findings of this research highlight the relevance of screening theory as a theoretical lens for examining the contextual dependence of stock market reaction to data breaches on key breach- and firm-level characteristics.
DOI
10.17705/1CAIS.05414
Recommended Citation
Du, S., Gwebu, K. L., Wang, J., & Yu, K. (2024). Differential Market Reaction to Data Security Breaches: A Screening Perspective. Communications of the Association for Information Systems, 54, 376-401. https://doi.org/10.17705/1CAIS.05414
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
