Cybersecurity Hiring in Response to Data Breaches

Do firms react to data breaches by investing in cybersecurity talent? We assemble a unique dataset on firm responses from the last decade, combining data breach information with detailed firm-level hiring data from online job postings. Using a difference-in-differences design, we find that firms indeed increase their hiring for cybersecurity workers. While this effect is statistically significant, the economic magnitude is small, which is consistent with firms' lack of incentives to improve their cybersecurity infrastructure. Further, we collect data from the MIT MediaCloud and Google Trends to measure media and public attention following breach events. We find that firms with greater media and search attention after a breach are three times as likely to post a cybersecurity job. This provides evidence of market failure in cybersecurity investment that can be attributed to information asymmetries, and suggests additional scrutiny can ameliorate this market failures. With an increase in both the value of data as well as the number of cyberattacks, our research provides important insight into how media coverage and public attention can provide proper incentives for firms to make substantive, instead of symbolic, IT investments to safeguard their customer data.

Keywords: Cybersecurity, Skill and Talent Acquisition, Value of Data and Privacy

JEL Classification: D83, L86, K24, J24

Suggested Citation: Suggested Citation

Bana, Sarah and Brynjolfsson, Erik and Jin, Wang and Steffen, Sebastian and Wang, Xiupeng, Cybersecurity Hiring in Response to Data Breaches (March 16, 2021). Available at SSRN: https://ssrn.com/abstract=3806060 or http://dx.doi.org/10.2139/ssrn.3806060