Abstract
This study draws upon the principal-agent theory to investigate the relationship between employee-related social performance and information security. This exploration encompasses both positive and negative dimensions of such performance: employee-related socially responsible activities (employee-related CSR) and employee-related socially irresponsible activities (employee-related CSiR). We employed a multistudy approach. First, we analyzed an eight-year sample of publicly listed firms, revealing a negative association between firms’ engagement in employee-related CSR and information security risks, while their involvement in employee-related CSiR is positively linked to such risks. Our exploratory analysis uncovered additional intriguing findings, demonstrating that the uniqueness of employee-related social performance can amplify its impact on security. In a subsequent study, we conducted a scenario-based experiment to provide empirical evidence for our proposed principal-agent-based theory.
Recommended Citation
Wang, Qian; Pienta, Dan; Jiang, Shenyang; Ngai, Eric W. T.; and Thatcher, Jason Bennett
(2025)
"Do Good and Do No Harm Too: Employee-Related Corporate Social (Ir)responsibility and Information Security Performance,"
Journal of the Association for Information Systems, 26(1), 171-204.
DOI: 10.17705/1jais.00908
Available at:
https://aisel.aisnet.org/jais/vol26/iss1/5
DOI
10.17705/1jais.00908
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.