Do Good and Do No Harm Too: Employee-Related Corporate Social (Ir)responsibility and Information Security Performance

Authors

Qian Wang, University of MacauFollow
Dan Pienta, University of Tennessee, KnoxvilleFollow
Shenyang Jiang, Tongji UniversityFollow
Eric W. T. Ngai, The Hong Kong Polytechnic UniversityFollow
Jason Bennett Thatcher, University of Colorado Boulder / University of ManchesterFollow

Abstract

This study draws upon the principal-agent theory to investigate the relationship between employee-related social performance and information security. This exploration encompasses both positive and negative dimensions of such performance: employee-related socially responsible activities (employee-related CSR) and employee-related socially irresponsible activities (employee-related CSiR). We employ a multi-study approach. First, we analyze an eight-year sample of publicly listed firms, revealing a negative association between firms’ engagement in employee-related CSR and information security risks, while their involvement in employee-related CSiR is positively linked to such risks. Our exploratory analysis uncovers additional intriguing findings, demonstrating that the uniqueness of employee-related social performance can amplify its impact on security. In a subsequent study, we conduct a scenario-based experiment to provide empirical evidence for our proposed principal-agent-based theory.

DOI

10.17705/1jais.00908

Recommended Citation

Wang, Qian; Pienta, Dan; Jiang, Shenyang; Ngai, Eric W. T.; and Thatcher, Jason Bennett, "Do Good and Do No Harm Too: Employee-Related Corporate Social (Ir)responsibility and Information Security Performance" (2024). JAIS Preprints (Forthcoming). 155.
DOI: 10.17705/1jais.00908
Available at: https://aisel.aisnet.org/jais_preprints/155