Consumer Protection Regulation and the Cost of Equity: Evidence from Data Breach Disclosure Laws
Posted: 19 Jan 2019 Last revised: 22 May 2020
Date Written: December 27, 2018
We exploit plausibly exogenous state-level variation in data breach disclosure laws to study the impact of consumer protection regulation on firms’ cost of equity capital. We find that cost of equity decreases, on average, after the staggered passage of these laws by U.S. states. This is consistent with the laws incentivizing firms to proactively invest in cybersecurity and reduce exposure to cyber risk. The beneficial impact on the cost of equity is weaker for firms that invest in information technology and cybersecurity regardless of the laws and firms with greater sensitivity to adverse consequences that are triggered if a firm were to disclose a data breach in the future. Finally, after passage of these laws, firms are more likely to have an IT security executive officer and increase investments in information technology, suggesting that these laws are effective in inducing firms to take real actions to reduce cyber risk.
Keywords: cybersecurity, cyber risk, disclosure laws, cost of capital, information technology
JEL Classification: G120, G340
Suggested Citation: Suggested Citation