Paper ID
3272
Paper Type
full
Description
While digitization necessitates cybersecurity, firms engaging in digitization initiatives may be discouraged by the rising costs to protect their digitized information. Therefore, it has become increasingly important to understand if concerns about the costs of cybersecurity stifle digital growth. This study addresses this question by investigating the state- and industry-level economic impacts of the passages of security breach notification laws (SBNLs) in the United States, which act as legislative pressure in increasing the cybersecurity costs of digitization. We study the impact of SBNLs on an important economic topic – employment by IT service provider industry. Using a difference-in-difference design, we find that employment by mature IT service providers decreases following enactment of SBNLs. Impacts on younger IT service firms are not significant. The results hold under various robustness and falsification tests. This study provides fresh evidence related to the unintended and broader impacts of cybersecurity legislation.
Recommended Citation
Zhang, Tianjian; Havakhor, Taha; and Biros, David, "Does Cybersecurity Slow Down Digitization? A Quasi-experiment of Security Breach Notification Laws" (2019). ICIS 2019 Proceedings. 42.
https://aisel.aisnet.org/icis2019/cyber_security_privacy_ethics_IS/cyber_security_privacy/42
Does Cybersecurity Slow Down Digitization? A Quasi-experiment of Security Breach Notification Laws
While digitization necessitates cybersecurity, firms engaging in digitization initiatives may be discouraged by the rising costs to protect their digitized information. Therefore, it has become increasingly important to understand if concerns about the costs of cybersecurity stifle digital growth. This study addresses this question by investigating the state- and industry-level economic impacts of the passages of security breach notification laws (SBNLs) in the United States, which act as legislative pressure in increasing the cybersecurity costs of digitization. We study the impact of SBNLs on an important economic topic – employment by IT service provider industry. Using a difference-in-difference design, we find that employment by mature IT service providers decreases following enactment of SBNLs. Impacts on younger IT service firms are not significant. The results hold under various robustness and falsification tests. This study provides fresh evidence related to the unintended and broader impacts of cybersecurity legislation.