Jinghua Tang,Xiaoming Wang,Qigui Liu

DOI: https://doi.org/10.1016/j.pacfin.2023.101947

IF: 3.239

2023-01-01

Pacific-Basin Finance Journal

Abstract:Using a sample of Chinese listed firms, this study investigates how customers' ESG performance has influence on suppliers' ESG. We document a positive spillover effect of customers' ESG to that of suppliers. Regarding the components of ESG, we show evidence that customers concern more about the environment and social performance of their suppliers instead of the corporate governance. In addition, the positive spillover effect of customers' ESG (E) is strengthened by the implementation of the double carbon policy. We also find a more pronounced spillover effect of customers' ESG when the suppliers have at least one foreign customer, face greater competition and locate in more marketized regions. Spillover effect is also documented in the ESG disclosure: when customers disclose ESG reports, suppliers tend to follow the trend in the subsequent year. Finally, both customers and suppliers benefit from the collaborative ESG efforts along the supply chain by achieving a better performance evidenced by reduction of discretionary expenses, increase of sales growth and improvement of Tobin's Q.

Kholekile L. Gwebu,Jing Wang,Wenjuan Xie

2014-01-01

Abstract:To estimate the cost of a data breach to the inflicted firm, this study examines the relationship between a breach incident and changes in the inflicted firm’s profitability, perceived risk, and the inflicted firms’ information environment transparency. Profitability is measured as reported earnings and analysts’ earnings forecasts. Perceived risk is measured as reported stock return volatility and dispersion among analysts’ forecasts. Although a number of studies have investigated the stock market reaction surrounding the disclosure of a breach incident to quantify the cost associated with breaches, we argue that there exists information uncertainty and deficiency in the disclosure of the breach incident and stock market reaction surrounding a security breach announcement date may not be the best measure for the cost of security breaches. And research using other complementary measures is warranted. Our preliminary finding suggests that data breaches negatively impact firm profitability, perceived risk and information transparency. Nevertheless, the damage of a breach most likely stems from direct costs such as compensation and litigation costs rather than indirect costs such as tarnished reputation and a decrease in market share and sales. More sophisticated analysts are also found to add value in estimating the real cost of a security breach.

Shuili Du,Kholekile L. Gwebu,Jing Wang,Kun Yu

DOI: https://doi.org/10.17705/1cais.05414

2024-01-01

Communications of the Association for Information Systems

Abstract:This paper aims to identify breach- and firm-level characteristics that may account for the heterogenous stock market reaction to data breaches. Drawing upon the screening theory, this paper examines the possibility of three breach characteristics (breach severity, breach locus, and breach controllability) and two firm attributes (CEO stock ownership, and corporate social responsibility (CSR) performance) serving as information screens to influence stock market reaction to a data breach incident. Using an archival dataset compiled from multiple sources, we examine 607 data breaches from 2004 to 2018 and find that the stock market reacts more negatively if a breach is more severe (i.e., involving more data records and financially sensitive consumer data), controllable (i.e., could have been prevented), and if the breached firm has weak corporate governance, as indicated by low CEO stock ownership. Furthermore, CSR provides “insurance-like” protection by attenuating the negative effects of breach severity, breach controllability, and poor corporate governance on firm value. The findings of this research highlight the relevance of screening theory as a theoretical lens for examining the contextual dependence of stock market reaction to data breaches on key breach- and firm-level characteristics.

Shuili Du,Jing Wang,Kholekile L. Gwebu

DOI: https://doi.org/10.1109/CyberSA.2017.8073393

2017-01-01

Abstract:This study explores the potential role of corporate social responsibility (CSR) in mitigating the damage of data breach, a topic that has received scant attention from the literature. Drawing upon the literatures on CSR, stakeholder theory, and the resource-based view (cites), we conceptualize that firms with greater CSR activities accumulate goodwill and cultivate stronger stakeholder relationships, and thus during times of a crisis, such as a data breach, stakeholders are more likely to give the socially responsible firm "the benefit of doubt" and temper their sanctions, mitigating the damage of the breach.

Kholekile L. Gwebu,Jing Wang,Li Wang

DOI: https://doi.org/10.1080/07421222.2018.1451962

IF: 7.582

2018-01-01

Journal of Management Information Systems

Abstract:Despite the significant financial losses associated with data breaches, little is known about the (in)effectiveness of the tools that firms have to protect their value following a breach. Drawing on cognitive dissonance theory and the research on cue diagnosticity and crisis management, this study examines the relative efficacy of firm reputation and a range of post-breach response strategies. The results indicate that firm reputation is an important asset in protecting firm value. However, only certain response strategies are found to mitigate the negative financial impact of a breach on lower-reputation firms, and response strategies are found to matter less for high-reputation firms. These findings offer practitioners evidence-based guidance for protecting firm value following data breaches and underscore the need for developing more nuanced strategies for managing breaches. The theoretical arguments developed here serve as a conceptual base for examining the efficacy of various data breach response strategies.

Christina Y. Jeong,Sang-Yong Tom Lee,Jee-Hae Lim

DOI: https://doi.org/10.1016/j.im.2018.11.003

2019-07-01

Abstract:In current business climate, a firm’s information systems security is no longer independent from the industry’s broader security environment. A question arises, then, whether stock market values reflect the interdependence of security breaches and investments. In this paper, we used the event study methodology to investigate how a firm’s security breaches and IT security investments influence its competitors. We collected and reviewed 118 information security breaches and 98 IT security investment announcements from 2010 to 2017. We found substantial evidence supporting our hypothesis that information security breaches do, indeed, have a competition effect: when one firm is breached, its competitors have opportunities to absorb market power. For the IT security investment announcements, however, we observed the positive externalities, or contagion effect, in play: market investors feel that the security investments made by one firm increase the security level of the entire network, and hence, competitors also get benefits. Additionally, we found that the competition effect was higher when the breaches occurred after the preceding security investments than when there were no preceding investments before the breaches.

information science & library science,management,computer science, information systems

Weiqiang Tan,Wenming Wang,Wenlan Zhang

DOI: https://doi.org/10.1177/10591478231224920

IF: 4.638

2024-02-06

Production and Operations Management

Abstract:We examine the causal effects of nearby terrorist attacks on supplier–customer relationships. We find that for supplier firms located near terrorist attacks, the probability of relationship termination with their major customers increases by 2.9 percentage points within two years following the attacks. The major customers’ intensified perceptions of supply chain risk largely drive the relationship termination. Further analyses show that major customers tend to switch to suppliers with lower terrorism risks after they end their relationships with the suppliers near attacks. This study provides new insights into the consequences of terrorism by extending the focus to the response of a key stakeholder group (i.e., trade partners) instead of the attack-afflicted firms per se.

operations research & management science,engineering, manufacturing

Yanming Zhang,Baofeng Huo,Mark H. Haney,Mingu Kang

DOI: https://doi.org/10.1016/j.ijpe.2022.108603

IF: 11.251

2022-01-01

International Journal of Production Economics

Abstract:Drawing on organizational information processing theory, this study suggests a moderated mediation model that demonstrates how a buyer firm's digital capability advantage can reduce the unethical behavior of its suppliers. We collected two-wave survey data from 223 Chinese manufacturing firms and applied ordinary least squares regressions and the PROCESS macro model to test the proposed hypotheses. The findings reveal that a buyer firm's digital capability advantage indirectly decreases supplier unethical behavior through enhancing relationship transparency. In addition, this indirect effect is weaker when the level of relational capital is high. By examining the conditional indirect relationship between digital capability advantage and relational capital, this study provides valuable insights into how a buyer firm may effectively utilize digital capability advantage to improve relationship transparency and thereby reduce suppliers' unethical behavior.

Daniel Celeny,Loïc Maréchal,Evgueni Rousselot,Alain Mermoud,Mathias Humbert

2024-02-07

Abstract:Along with the increasing frequency and severity of cyber incidents, understanding their economic implications is paramount. In this context, listed firms' reactions to cyber incidents are compelling to study since they (i) are a good proxy to estimate the costs borne by other organizations, (ii) have a critical position in the economy, and (iii) have their financial information publicly available. We extract listed firms' cyber incident dates and characteristics from newswire headlines. We use an event study over 2012--2022, using a three-day window around events and standard benchmarks. We find that the magnitude of abnormal returns around cyber incidents is on par with previous studies using newswire or alternative data to identify cyber incidents. Conversely, as we adjust the standard errors accounting for event-induced variance and residual cross-correlation, we find that the previously claimed significance of abnormal returns vanishes. Given these results, we run a horse race of specifications, in which we test for the marginal effects of type of cyber incidents, target firm sector, periods, and their interactions. Data breaches are the most detrimental incident type with an average loss of -1.3\% or (USD -1.9 billion) over the last decade. The health sector is the most sensitive to cyber incidents, with an average loss of -5.21\% (or USD -1.2 billion), and even more so when these are data breaches. Instead, we cannot show any time-varying effect of cyber incidents or a specific effect of the type of news as had previously been advocated.

General Finance

Julia L. Higgs,Robert E. Pinsker,Thomas J. Smith,George R. Young

DOI: https://doi.org/10.2308/isys-51402

2016-01-01

Journal of Information Systems

Abstract:ABSTRACT After several high-profile data security breaches (e.g., Target Corporation, Michaels Stores, Inc., The Home Depot), corporate boards are prioritizing the oversight of Information Technology (IT) risk. Firms are also increasingly faced with disclosure decisions regarding IT security breaches. This study proposes that firms can use the creation of a board-level technology committee as part of the firm's information technology governance (ITG) to signal the firm's ability to detect and respond to security breaches. Using reported security breaches during the time period 2005–2014, results indicate that firms with technology committees are more likely to have reported breaches in a given year than are firms without the committee. Further analysis suggests that this positive association is driven by relatively young technology committees and external source breaches. Specifically, as a technology committee becomes more established, its firm is not as likely to be breached. To obtain further evidence on the perceived value of a technology committee, this study uses a returns analysis and finds that the presence of a technology committee mitigates the negative abnormal stock returns arising from external breaches. Findings add to the evolving ITG literature, as well to the signaling theory and disclosure literatures.

business, finance

Yin Cheng,Cheng Xin,Yang Yinan,Palmon Dan

DOI: https://doi.org/10.1007/s10551-019-04369-4

IF: 6.331

2020-01-01

Journal of Business Ethics

Abstract:This study examines whether customer firms’ unethical behavior distorts suppliers’ investment decisions. Using litigation and restatement to measure unethical behavior, we find that suppliers with customers engaged in frauds tend to invest more during the cheating period, compared to unaffected suppliers. In cross-sectional analyses, we examine the moderating effect of suppliers’ reliance on customer information and peer information. Results show that more industry peers’ voluntary disclosures and analyst coverage, lower sales volatility, and lower relationship-specific investments mitigate the distortion effect on suppliers. Suppliers’ overinvestments caused by customers’ misreporting also lead to the suppliers’ inferior future performance and subsequent negative market reaction, and the severity of customers’ misreporting influences the magnitude of suppliers’ investment distortions. These results are robust in a dynamic difference-in-difference specification, an SEC enforcement sample, and a sample that excludes observations for suppliers and customers in the same industry. This paper contributes to the ethics literature by emphasizing the importance of creditable supply-chain information transfer to investment decisions and clarifying the nontrivial influence of principal customers in the supply-chain network.

Minghao Zhu,Andy C. L. Yeung,Honggeng Zhou

DOI: https://doi.org/10.1016/j.ijpe.2021.108214

IF: 11.251

2021-01-01

International Journal of Production Economics

Abstract:Previous studies on the impact of customer concentration on firm-level outcomes mainly focus on financial and operational variables, and the influence of a concentrated customer base remains controversial. As one of the important issues of responsible and sustainable operations management, corporate social responsibility (CSR) has garnered increasing attention of scholars in recent years. However, research on CSR antecedents is far less than the studies of its outcomes, and few studies investigate what determines CSR engagement from buyer-supplier relationship perspective. Using a large sample panel data from Chinese publicly listed firms between 2010 and 2019, we find that a concentrated customer base is negatively associated with suppliers' CSR performance. Our results still hold after a series of robustness checks. Next, the results show that customer concentration is also negatively correlated with CSR's five dimensions, but the negative impact on non-core stakeholders is more significant than that on core stakeholders. Further, the mechanism analysis reveals that profitability and financial constraints are two potential transmission mechanisms in the linkage between customer concentration and CSR performance. Finally, we find that the negative impact is more salient when a supplier with higher transparency. Overall, our study suggests that a close relationship between a supplier and its major customers may impede the supplier's incentives to do good things, and a supplier may weigh benefits and costs to strategically adjust its CSR behaviour as a response to customer risk. These findings have significant implications for suppliers, customers, and regulators.

Yuchuan Lin,Xinpeng Xing

DOI: https://doi.org/10.1016/j.frl.2024.105316

IF: 9.848

2024-04-08

Finance Research Letters

Abstract:This paper investigates how media attention to customers affects the supplier's information environment from the perspective of real earnings management. Our empirical results for 2010–2020 reveal a negative association between media attention to customers and the supplier's real earnings management. Causality is established through the instrumental variable two-stage least squares approach. Cross-sectional tests further illustrate that more external supervision and internal constraints are two potential channels for this observed relationship. Overall, our findings emphasize that the media, as a crucial information intermediary, significantly affects the behavior of companies in the supply chain.

business, finance

Cansu Tayaksi,Erhan Ada,Yigit Kazancoglu,Muhittin Sagnak

DOI: https://doi.org/10.1108/jeim-11-2020-0450

2021-06-10

Journal of Enterprise Information Management

Abstract:Purpose Today, information systems and technology provides a wide set of tools for companies to increase the efficiency of their businesses. Although technology offers many benefits to businesses, it also brings risks as the information systems security breaches. Security breaches and their financial impact is a constant concern of the researchers and practitioners. This paper explores information systems breaches and their financial impacts on the publicly traded companies in different sectors. Design/methodology/approach After a comprehensive data collection process, data from 192 events are analyzed by employing Event Study Methodology and a comparison of the results between the four highly affected sectors (Consumer Goods, Technology, Financial and Communications) is presented. The abnormal returns on the prices of stocks after the events are calculated with the Market Model. Also, the results of the Market Adjusted Model and Mean Adjusted Model are presented to support the results. Findings While information systems security breaches have a significant negative impact on the Financials and the Technology sectors for all the event windows in the study ([−5, 0], [−5, 1], [−5, 5], and [−5, 10]), the significant negative impact is observed only on the [−5, 5] and [−5, 10] event windows for the Consumer Goods sector. No significant negative impact is observed in the Communications sector, in fact, the cumulative abnormal returns are positive for this sector. Originality/value The contribution of this paper to provide evidence about the financial impacts of the information systems breaches for businesses in different sectors. While there are studies that have previously focused on the information systems breaches and their financial impacts on businesses, to the best of our knowledge, this is the first study that compares this effect between the four highly impacted sectors. With a relatively larger sample size and broader event windows than the past studies in the literature, statistical evidence is provided to managers to justify their investments in information security and build preventive measures to secure the market value of their firms.

information science & library science,management

Xinhui Huang,Balaji Janamanchi,Lukai Yang

DOI: https://doi.org/10.1080/13504851.2024.2310052

2024-01-28

Applied Economics Letters

Abstract:Cybersecurity disclosure has garnered significant attention in the past decade. In this study, we observe that the disclosure delays are inversely correlated with firm profitability and we attribute this to information asymmetry. In addition, we find that such a negative impact is mitigated by the presence of a Chief Information Officer. Furthermore, we show that delayed disclosure has negative consequences on CEO compensation. Finally, our results are robust to alternative measures of disclosure delays and profitability. This paper highlights the adverse effect of delayed cyberattack disclosures and has broad implications for cybersecurity practices, regulatory frameworks, and risk management strategies.

economics

Wilson Li,Alvin Leung,Wei Yue,,,

DOI: https://doi.org/10.25300/misq/2022/15713

IF: 7.3

2023-03-01

MIS Quarterly

Abstract:Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing data-breach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches.

information science & library science,management,computer science, information systems

Matthew Cedergren,Ting Luo,Jing Wu,Jianqiao Yu,Yue Zhang

DOI: https://doi.org/10.1007/s11156-024-01332-x

2024-01-01

Review of Quantitative Finance and Accounting

Abstract:We investigate the effect of customers’ credit default swap (CDS) referencing on suppliers’ issuance of management forecasts. We argue that customers’ CDS referencing increases the suppliers’ business volatility, making forecasting more difficult. At the same time, the information from customers’ CDS market reduces investors’ demand for the suppliers’ disclosure and induces the suppliers to scale back their own disclosure. By using a difference-in-differences design, we find consistent evidence that firms tend to reduce their frequency of forecast issuance after the initiation of sales to CDS-referenced customers, compared to firms without CDS-referenced customers. This relationship is stronger when the supplier’s business relies more on CDS-referenced customers (thus strengthening the effect of customer CDS referencing on suppliers’ forecasting difficulty). In comparison, the relationship is weaker when customers have more analyst following (thus resulting in less incremental information produced by customer CDS referencing). Further analysis shows that the information channel seems to be the main mechanism for our findings. Finally, we find the negative relationship between the supplier’s management forecast issuance and its exposure to CDS-referenced customer firms is driven by good news forecasts, possibly due to the higher litigation risk associated with disclosing good news and withholding bad news. Our findings add to the literature examining the spillover effects of CDSs on entities outside those directly referenced by CDSs.

Qun Bao,Ju-Ying Wang,Rui Xie,Zheng-Qun Cai

DOI: https://doi.org/10.1155/2022/7984852

IF: 3.12

2022-09-18

Computational Intelligence and Neuroscience

Abstract:A supply chain's risk spillover effect will affect the customer's risk on the financing constraints of suppliers. This paper builds on the evaluation of customer risk by fuzzy mathematics, combines with the A-share listed companies in Shanghai and Shenzhen from 2007 to 2019 as a study sample, and empirically inspects the influence of customer risk on the level of corporate financing constraints. According to the study, it shows that the customer risk is currently at a moderate level, which will notably impair the supplier's external financing ability. This phenomenon is more remarkable when the monetary policy is tightened with fierce competition in the industry. This paper unveils the economic consequences of customer risk spillovers from a supply chain, enriches the study of the generation mechanism of corporate financing constraints, and provides investors and regulators with empirical evidence to appreciate corporate financing constraints.

mathematical & computational biology,neurosciences

Andrew M. Bauer,Darren Henderson,Daniel P. Lynch

DOI: https://doi.org/10.2308/accr-51889

2017-09-01

The Accounting Review

Abstract:ABSTRACT Internal controls influence information quality, thus affecting the ability of supply chain partners, who rely on collaborative systems of information sharing, to reliably contract. Using SOX-related internal control assessments as a proxy for internal control quality and U.S. GAAP-mandated major customer disclosures, we find that supplier internal control quality influences supply chain relationship duration. Specifically, our evidence demonstrates that: (1) poor internal control quality increases the likelihood of subsequent customer-supplier relationship termination; (2) timely control weakness remediation attenuates termination likelihood; and (3) weaknesses affecting customer contracting drive the effect of internal control quality on relationship termination. Our results control for supplier operational quality and performance, and are robust to propensity score matching techniques, controls for reverse causality, and alternative proxies for relationship termination and internal control quality. Overall, our findings are consistent with customers viewing strong supplier controls as important, albeit overlooked, contracting elements with significant implications for supply chain relationships.

Jaeyoung Park,Woosik Shin,Beomsoo Kim,Miyea Kim

DOI: https://doi.org/10.1108/intr-11-2022-0898

IF: 5.9

2024-04-09

Internet Research

Abstract:Purpose This study aims to explore the spillover effects of data breaches from a consumer perspective in the e-commerce context. Specifically, we investigate how an online retailer's data breach affects consumers' privacy risk perceptions of competing firms, and further how it affects shopping intention for the competitors. We also examine how the privacy risk contagion effect varies depending on the characteristics of competitors and their competitive responses. Design/methodology/approach We conducted two scenario-based experiments with surveys. To assess the spillover effects and the moderating effects, we employed an analysis of covariance. We also performed bootstrapping-based mediation analyses using the PROCESS macro. Findings We find evidence for the privacy risk contagion effect and demonstrate that it negatively influences consumers' shopping intention for a competing firm. We also find that a competitor's cybersecurity message is effective in avoiding the privacy risk contagion effect and the competitor even benefits from it. Originality/value While previous studies have examined the impacts of data breaches on customer perceptions of the breached firm, our study focuses on customer perceptions of the non-breached firms. To the best of the authors' knowledge, this study is one of the first to provide empirical evidence for the negative spillover effects of a data breach from a consumer perspective. More importantly, this study empirically demonstrates that the non-breached competitor's competitive response is effective in preventing unintended negative spillover in the context of the data breach.

computer science, information systems,telecommunications,business