Abstract

Abstract Cybersecurity breaches impose both direct costs (statutory audit fees) and hidden costs (non‑audit fees for remediation, consulting, and reputation management). Yet, the organizational antecedents that drive these transaction costs are poorly understood. Adopting Transaction Cost Economics as our theoretical lens, we analyze 261 breach events across 147 publicly traded firms (2009–2020). We merge Compustat financials with data on global footprint (number of countries), regulatory intensity (NAICS classification), breach complexity (data types compromised), and attack vectors. Using a suite of explainable machine‑learning models (Decision Tree, Random Forest, Support Vector Regression, and XGBoost), we log‑transform audit and non‑audit fees to capture non‑linear effects and rank predictor importance. Our results reveal that global footprint is the strongest driver of increased audit fees, reflecting elevated monitoring costs when firms operate across multiple jurisdictions. Moderately regulated industries incur the highest combined transaction costs, suggesting that insufficient compliance infrastructures exacerbate both audit and remediation expenses. Breach complexity and sophisticated attack vectors predominantly elevate non‑audit fees, as firms invest heavily in consulting, legal counsel, and reputation repair. These findings offer actionable insights for practitioners: executives can tailor cybersecurity investments and incident‑response protocols based on organizational scope and industry profile, while policymakers may refine disclosure requirements to incentivize stronger pre‑breach controls. Methodologically, this study demonstrates the value of explainable AI in translating high‑dimensional breach data into strategic guidance.

Comments

tpp1440

Download

Share

COinS