Kholekile L. Gwebu,Jing Wang,Wenjuan Xie

2014-01-01

Abstract:To estimate the cost of a data breach to the inflicted firm, this study examines the relationship between a breach incident and changes in the inflicted firm’s profitability, perceived risk, and the inflicted firms’ information environment transparency. Profitability is measured as reported earnings and analysts’ earnings forecasts. Perceived risk is measured as reported stock return volatility and dispersion among analysts’ forecasts. Although a number of studies have investigated the stock market reaction surrounding the disclosure of a breach incident to quantify the cost associated with breaches, we argue that there exists information uncertainty and deficiency in the disclosure of the breach incident and stock market reaction surrounding a security breach announcement date may not be the best measure for the cost of security breaches. And research using other complementary measures is warranted. Our preliminary finding suggests that data breaches negatively impact firm profitability, perceived risk and information transparency. Nevertheless, the damage of a breach most likely stems from direct costs such as compensation and litigation costs rather than indirect costs such as tarnished reputation and a decrease in market share and sales. More sophisticated analysts are also found to add value in estimating the real cost of a security breach.

Jinghua Tang,Xiaoming Wang,Qigui Liu

DOI: https://doi.org/10.1016/j.pacfin.2023.101947

IF: 3.239

2023-01-01

Pacific-Basin Finance Journal

Abstract:Using a sample of Chinese listed firms, this study investigates how customers' ESG performance has influence on suppliers' ESG. We document a positive spillover effect of customers' ESG to that of suppliers. Regarding the components of ESG, we show evidence that customers concern more about the environment and social performance of their suppliers instead of the corporate governance. In addition, the positive spillover effect of customers' ESG (E) is strengthened by the implementation of the double carbon policy. We also find a more pronounced spillover effect of customers' ESG when the suppliers have at least one foreign customer, face greater competition and locate in more marketized regions. Spillover effect is also documented in the ESG disclosure: when customers disclose ESG reports, suppliers tend to follow the trend in the subsequent year. Finally, both customers and suppliers benefit from the collaborative ESG efforts along the supply chain by achieving a better performance evidenced by reduction of discretionary expenses, increase of sales growth and improvement of Tobin's Q.

JiangBo HuangFu,Mark J. Kohlbeck,Lin Wang,Zhijian He

DOI: https://doi.org/10.2139/ssrn.3544245

2020-01-01

SSRN Electronic Journal

Abstract:We investigate the impact of customers’ cybersecurity breaches (CSBs) on its supplier’s relationship-specific investment decisions and the duration of supplier-customer relationship. We document a significant negative association between customer reported CSBs and suppliers’ relationship-specific investments in the subsequent year. In addition, we find customers’ reported CSBs increase the likelihood of supplier-customer relationship termination in the subsequent year. Suppliers reduce their relationship-specific investment by 6% of total sales in the subsequent year following customers’ reported CSBs. More importantly, supplier-customer relationships are two times more likely to be terminated the year after a customer reports a CSB incident. Our findings demonstrate that CSBs are an economically significant event to the breached firm in terms of indirect costs and provide further insight into how a CSB can influence the perception of the firm’s influential stakeholders, especially its key suppliers.

Shuili Du,Jing Wang,Kholekile L. Gwebu

DOI: https://doi.org/10.1109/CyberSA.2017.8073393

2017-01-01

Abstract:This study explores the potential role of corporate social responsibility (CSR) in mitigating the damage of data breach, a topic that has received scant attention from the literature. Drawing upon the literatures on CSR, stakeholder theory, and the resource-based view (cites), we conceptualize that firms with greater CSR activities accumulate goodwill and cultivate stronger stakeholder relationships, and thus during times of a crisis, such as a data breach, stakeholders are more likely to give the socially responsible firm "the benefit of doubt" and temper their sanctions, mitigating the damage of the breach.

Shuili Du,Kholekile L. Gwebu,Jing Wang,Kun Yu

DOI: https://doi.org/10.17705/1cais.05414

2024-01-01

Communications of the Association for Information Systems

Abstract:This paper aims to identify breach- and firm-level characteristics that may account for the heterogenous stock market reaction to data breaches. Drawing upon the screening theory, this paper examines the possibility of three breach characteristics (breach severity, breach locus, and breach controllability) and two firm attributes (CEO stock ownership, and corporate social responsibility (CSR) performance) serving as information screens to influence stock market reaction to a data breach incident. Using an archival dataset compiled from multiple sources, we examine 607 data breaches from 2004 to 2018 and find that the stock market reacts more negatively if a breach is more severe (i.e., involving more data records and financially sensitive consumer data), controllable (i.e., could have been prevented), and if the breached firm has weak corporate governance, as indicated by low CEO stock ownership. Furthermore, CSR provides “insurance-like” protection by attenuating the negative effects of breach severity, breach controllability, and poor corporate governance on firm value. The findings of this research highlight the relevance of screening theory as a theoretical lens for examining the contextual dependence of stock market reaction to data breaches on key breach- and firm-level characteristics.

Kholekile L. Gwebu,Jing Wang,Li Wang

DOI: https://doi.org/10.1080/07421222.2018.1451962

IF: 7.582

2018-01-01

Journal of Management Information Systems

Abstract:Despite the significant financial losses associated with data breaches, little is known about the (in)effectiveness of the tools that firms have to protect their value following a breach. Drawing on cognitive dissonance theory and the research on cue diagnosticity and crisis management, this study examines the relative efficacy of firm reputation and a range of post-breach response strategies. The results indicate that firm reputation is an important asset in protecting firm value. However, only certain response strategies are found to mitigate the negative financial impact of a breach on lower-reputation firms, and response strategies are found to matter less for high-reputation firms. These findings offer practitioners evidence-based guidance for protecting firm value following data breaches and underscore the need for developing more nuanced strategies for managing breaches. The theoretical arguments developed here serve as a conceptual base for examining the efficacy of various data breach response strategies.

Jaeyoung Park,Woosik Shin,Beomsoo Kim,Miyea Kim

DOI: https://doi.org/10.1108/intr-11-2022-0898

IF: 5.9

2024-04-09

Internet Research

Abstract:Purpose This study aims to explore the spillover effects of data breaches from a consumer perspective in the e-commerce context. Specifically, we investigate how an online retailer's data breach affects consumers' privacy risk perceptions of competing firms, and further how it affects shopping intention for the competitors. We also examine how the privacy risk contagion effect varies depending on the characteristics of competitors and their competitive responses. Design/methodology/approach We conducted two scenario-based experiments with surveys. To assess the spillover effects and the moderating effects, we employed an analysis of covariance. We also performed bootstrapping-based mediation analyses using the PROCESS macro. Findings We find evidence for the privacy risk contagion effect and demonstrate that it negatively influences consumers' shopping intention for a competing firm. We also find that a competitor's cybersecurity message is effective in avoiding the privacy risk contagion effect and the competitor even benefits from it. Originality/value While previous studies have examined the impacts of data breaches on customer perceptions of the breached firm, our study focuses on customer perceptions of the non-breached firms. To the best of the authors' knowledge, this study is one of the first to provide empirical evidence for the negative spillover effects of a data breach from a consumer perspective. More importantly, this study empirically demonstrates that the non-breached competitor's competitive response is effective in preventing unintended negative spillover in the context of the data breach.

computer science, information systems,telecommunications,business

Junmin Xu,Wei Thoo Yue,Alvin Chung Man Leung,Qin Su

DOI: https://doi.org/10.1016/j.dss.2024.114252

IF: 6.969

2024-01-01

Decision Support Systems

Abstract:In an era of growing social activism, companies engaged in socially irresponsible practices are increasingly vulnerable to data breaches, resulting in substantial reputational and financial losses. This study examines how corporate social irresponsibility (CSI) influences a company's data breach risk. We argue that CSI has an impact on data breach risk by influencing the intentional behaviors of both employees and external hackers. Given that CSI is a broad concept and can take on various forms, we further examine whether some forms of CSI pose a more significant threat than others. Our empirical analysis of data breaches in publicly listed US firms from 2005 to 2017 indicates that compared to the forms of CSI that violate broader social norms (e.g., environmental damages), CSI activities that jeopardize a company's economic value delivery (e.g., product deficiencies) play a more dominant role in driving data breach risk. Furthermore, we find that corporate social responsibility (CSR) can have a dual impact on moderating the relationship between CSI and data breaches. While CSR often helps mitigate CSI-induced data breach risk, this risk is heightened when both CSR and CSI relate to a firm's economic value delivery. This study provides critical insights into how companies can navigate complex data breach risk by managing their social performance.

Fangjun Wang,Hao Wang,Jiyuan Li

DOI: https://doi.org/10.1016/j.pacfin.2024.102460

IF: 3.239

2024-01-01

Pacific-Basin Finance Journal

Abstract:Cybersecurity risk has attracted the attention of legislators in various countries. This paper takes cybersecurity law (CSL) rollout in China as an exogenous event to study the impact of cybersecurity legislation on firm cost behavior. We find that cost stickiness decreases after the implementation of CSL. Our results also reveal that CSL reduces cost stickiness by mechanism of enhancing internal control, mitigating agency problem, and lowering managerial optimistic expectations. CSL's effect on cost stickiness exists in non-state-owned enterprises (non-SOEs) and firms in regions with low privacy sensitivity. CSL reduces stickiness of cost of goods manufactured (COGM), not R&D. CSL's effect on reducing cost stickiness can ultimately enhance firm value. Our research sheds light on the effect of cybersecurity mandates and advances literature on the impact of digital regulations on cost behavior.

Danuvasin Charoen,Warut Khern-am-nuai

DOI: https://doi.org/10.1108/dprg-02-2024-0033

2024-07-03

Digital Policy Regulation and Governance

Abstract:Purpose The detrimental impact of data breaches on organizations and their customers has been well documented in the literature. These breaches expose sensitive information, raising concerns about reputational damage and substantial financial losses for affected firms. Prior research has consistently demonstrated the significant financial repercussions of data breach disclosures, with a significant decline in the market value of breached firms following the incident's revelation. However, recent literature has documented the shift in consumer perception toward data breaches, warranting a revisit of this important and relevant issue with more recent data. This study aims to revisit the cost of data breach disclosures by empirically analyzing the impact of recent data breach incidents on the market value of affected firms. Design/methodology/approach The authors collect the data regarding data breach incidents among publicly traded companies in the USA listed in the S&P 500 index from 2013 to 2021. The empirical analysis relies on the event study approach, and the market value of each firm is estimated using the Fama-French three-factor model. Findings This study finds that the negative market reaction to data breach announcements in recent years has been significantly weaker than those reported in prior works from the past decade. This result confirms the shift in consumer perception toward data breaches in the market. Originality/value While prior research has quantified the cost of data breach disclosures, the authors posit that a renewed examination is essential within the contemporary digital environment. Consumer behavior and market sentiment have undergone significant transformations in recent years, necessitating a revisit of this important issue with updated data. This study not only documents this evolving phenomenon but also yields crucial policy recommendations. Notably, it challenges the conventional wisdom to rely on market forces as an adequate deterrent against data breaches. Consequently, updated regulations may be necessary to effectively navigate the complexities of the evolving digital landscape.

English Else

Huiru Chen,Yingchen Yan,Nana Ma,Jie Liu

DOI: https://doi.org/10.1007/s00500-018-03677-7

IF: 3.732

2020-01-01

Soft Computing

Abstract:With the development of e-commerce, a growing number of suppliers have begun to initially establish their own direct channels, competing with their retail channels. However, while this encroachment endows the suppliers with an efficient method to control downstream competition and total production output directly, it may hurt the retailer due to the loss of monopoly in the retail market. This inconsistency presents a difficulty in reaching equilibrium. In this paper, we focus on the combined effects of the risk attitudes and upstream production investment of supply chain members on supplier encroachment and verify the existence of “win–win” results for both supplier and retailer. We find that, while the two parties cannot simultaneously benefit from supplier encroachment in the absence of upstream investment, they can obtain a Pareto improvement from it in the presence of upstream investment and spillover effect. Regarding risk attitudes, we find that both the supplier and the retailer can reach agreement on the supplier encroachment in the case of a moderate confidence level. In other words, the not too risk-loving and not too risk-averse supply chain members are more likely to obtain a Pareto improvement.

Xinhui Huang,Balaji Janamanchi,Lukai Yang

DOI: https://doi.org/10.1080/13504851.2024.2310052

2024-01-28

Applied Economics Letters

Abstract:Cybersecurity disclosure has garnered significant attention in the past decade. In this study, we observe that the disclosure delays are inversely correlated with firm profitability and we attribute this to information asymmetry. In addition, we find that such a negative impact is mitigated by the presence of a Chief Information Officer. Furthermore, we show that delayed disclosure has negative consequences on CEO compensation. Finally, our results are robust to alternative measures of disclosure delays and profitability. This paper highlights the adverse effect of delayed cyberattack disclosures and has broad implications for cybersecurity practices, regulatory frameworks, and risk management strategies.

economics

Peng Liang,Hasan Cavusoglu,Nan Hu

DOI: https://doi.org/10.1111/poms.13952

IF: 4.638

2023-01-01

Production and Operations Management

Abstract:This paper investigates how managers in the upstream firm (i.e., supplier) adjust their allocations of cost resources in response to managerial expectations of the downstream firms (i.e., customers) on the future demand and prospects. We conduct an empirical analysis to examine the impact of the tone of customers’ forward‐looking disclosures (FLDs) contained in the Management Discussion and Analysis section of 10‐K filings on suppliers’ asymmetric cost behaviors, characterizing costs decreasing less for sales fall than increasing for equivalent sales rise (i.e., “cost stickiness”). We show that the degree of suppliers’ asymmetric cost management is positively associated with their customers’ tone of FLDs. Moreover, such an association is stronger when the suppliers produce more unique products for their major customers. Our inferences remain robust after controlling for the strategic disclosure behavior of the customer firms, ruling out an alternative mechanism of suppliers’ own managerial expectations and managerial empire‐building incentives. Lastly, using a decision made by the U.S. Supreme Court in 2005 as a quasi‐natural experiment setting, we show that the effect of customers’ tone of FLDs on suppliers’ cost stickiness becomes stronger when FLDs are more informative. To the best of our knowledge, this paper is the first to introduce cost stickiness in the operations management context to capture management's operational decision intervention regarding resource allocation. We also contribute to information sharing literature by highlighting the importance of channels other than the traditional explicit information sharing channel in obtaining demand‐relevant information in supply chains.

Zeyu Sun,Ge Yang,Haichen Bai

DOI: https://doi.org/10.1016/j.irfa.2023.102576

IF: 8.235

2023-02-11

International Review of Financial Analysis

Abstract:This study examines how customer firms' financial risk affects supplier firms' conservative reporting. Customers' high financial risk increases suppliers' uncertainty in future performance. We find that suppliers, in response to investors' demand, become more conservative in financial reporting when their customers' financial risk is higher. In support of the contracting explanation, we show that this spillover effect is salient for supplier firms in need of bank loans and for those with better corporate governance. In addition, this effect disappears for suppliers in regions with weak protection of investor rights and when customers are state-owned enterprises. Furthermore, we find the effect intensified by the extent of suppliers' dependence on their customers. Our study provides insights into the externality of customers' risk on the suppliers' financial reporting policy in the emerging markets.

business, finance

Nan Hu,Peng Liang

2019-01-01

Abstract:We examine the impact of customers’ forward-looking disclosures (FLD) contained in the Management Discussion and Analysis section (MD&A) of its 10-K filings on the degree of suppliers’ cost asymmetric behavior (i.e., cost stickiness) using computer-intensive techniques. We find that the degree of suppliers’ cost asymmetry is positively associated with their major customers’ FLD. Moreover, such a positive association is more pronounced when customers are more profitable or when customers have a more positive tone in their MD&A sections. Last, using a decision made by the United States Supreme Court on March 1st, 2005 as a quasi-natural experiment setting, we show that this positive association becomes stronger when FLD becomes more informative. Our findings indicate that suppliers adjust their cost management practices based on the forward-looking disclosures of their major customers along the supply chain.

Yanming Zhang,Baofeng Huo,Mark H. Haney,Mingu Kang

DOI: https://doi.org/10.1016/j.ijpe.2022.108603

IF: 11.251

2022-01-01

International Journal of Production Economics

Abstract:Drawing on organizational information processing theory, this study suggests a moderated mediation model that demonstrates how a buyer firm's digital capability advantage can reduce the unethical behavior of its suppliers. We collected two-wave survey data from 223 Chinese manufacturing firms and applied ordinary least squares regressions and the PROCESS macro model to test the proposed hypotheses. The findings reveal that a buyer firm's digital capability advantage indirectly decreases supplier unethical behavior through enhancing relationship transparency. In addition, this indirect effect is weaker when the level of relational capital is high. By examining the conditional indirect relationship between digital capability advantage and relational capital, this study provides valuable insights into how a buyer firm may effectively utilize digital capability advantage to improve relationship transparency and thereby reduce suppliers' unethical behavior.

Christina Y. Jeong,Sang-Yong Tom Lee,Jee-Hae Lim

DOI: https://doi.org/10.1016/j.im.2018.11.003

2019-07-01

Abstract:In current business climate, a firm’s information systems security is no longer independent from the industry’s broader security environment. A question arises, then, whether stock market values reflect the interdependence of security breaches and investments. In this paper, we used the event study methodology to investigate how a firm’s security breaches and IT security investments influence its competitors. We collected and reviewed 118 information security breaches and 98 IT security investment announcements from 2010 to 2017. We found substantial evidence supporting our hypothesis that information security breaches do, indeed, have a competition effect: when one firm is breached, its competitors have opportunities to absorb market power. For the IT security investment announcements, however, we observed the positive externalities, or contagion effect, in play: market investors feel that the security investments made by one firm increase the security level of the entire network, and hence, competitors also get benefits. Additionally, we found that the competition effect was higher when the breaches occurred after the preceding security investments than when there were no preceding investments before the breaches.

information science & library science,management,computer science, information systems

Jin Li,Wei Xiao,Chong Zhang

DOI: https://doi.org/10.1057/s41599-023-01757-0

2023-01-01

Humanities and Social Sciences Communications

Abstract:The extremely complex and dynamic digital environments of universities make them highly vulnerable to the risk of data breaches. This study empirically investigated the factors influencing data breach risks in the context of higher education, according to crime opportunity theory and routine activity theory. The data consisted of university samples from China and were collected mainly from the Chinese Education Industry Vulnerability Reporting Platform. After applying Poisson regression for the estimation, increased public disclosure of vulnerabilities was found to escalate the frequency of data breaches, whereas cross-border data flow decreased the number of data breaches. Furthermore, the mechanism by which academic strength affects data breaches was examined through the two mediators of cross-border data flow and vulnerability disclosure. In addition, cloud adoption reduced data breaches, and public clouds were determined to be relatively more secure than private clouds. Cloud adoption also acted as a moderator between the negative impact of vulnerabilities and the positive impact of cross-border data flow on data breaches. The estimation and robustness findings revealed the underlying mechanisms that impacted university data security, clarifying the understanding of data breaches and suggesting practical implications for universities and other institutes to improve information security. The findings of this study provide insights and directions for future research.

Shuzhong Ma,Yuxi Chai,Fu Jia

DOI: https://doi.org/10.1016/j.ibusrev.2021.101965

IF: 8.047

2021-01-01

International Business Review

Abstract:The industry of cross-border electronic commerce (CBEC) has experienced rapid development in recent years, however it has also faced severe challenges concerning the managerial risks taking place across national borders. The aims of the study are two folds: first examine the effects of applying different risk mitigation strategies on the market performance of international online vendors (IOVs) and utilities of consumers; second explore whether consumers’ choices among vendors from different nations based on psychic distance are affected by the risk mitigation strategies of platforms or by the actual frequency of vendors making default moves. A dynamic simulation has been conducted based on four combinations of platform strategies determined by two dimensions of ex ante intervention and ex post investigation. The results indicate that (i) once increasing the frequency of ex post investigation of risk events, customers will suffer less default losses, and both IOVs and customers will gain more utilities; (ii) the profits of ordinary vendors will increase marginally when reducing the frequency of ex ante intervention of high-risk orders, causing a lower degree of shopping concentration; (iii) when platforms adopt risk mitigation strategies of more frequent intervention or higher investigation intensity toward IOVs, the psychic distances of consumers towards IOVs from the same nation and from relatively closer nations become closer.

Yuchuan Lin,Xinpeng Xing

DOI: https://doi.org/10.1016/j.frl.2024.105316

IF: 9.848

2024-04-08

Finance Research Letters

Abstract:This paper investigates how media attention to customers affects the supplier's information environment from the perspective of real earnings management. Our empirical results for 2010–2020 reveal a negative association between media attention to customers and the supplier's real earnings management. Causality is established through the instrumental variable two-stage least squares approach. Cross-sectional tests further illustrate that more external supervision and internal constraints are two potential channels for this observed relationship. Overall, our findings emphasize that the media, as a crucial information intermediary, significantly affects the behavior of companies in the supply chain.

business, finance