Human Capital Acquisition in Response to Data Breaches
56 Pages Posted: 18 Mar 2021 Last revised: 26 Jul 2022
Date Written: July 25, 2022
Do firms react to data breaches by investing in cybersecurity talent? Or, are they more likely to invest in talent that helps protect their public image or tackle the legal aftermath? In other words, do they treat the root cause of the vulnerability through substantive human capital investments or do they treat the symptoms through symbolic ones (or both)? Combining unique information on data breach events and detailed firm-level job posting data, we leverage a difference-in-differences (DiD) design and show that firms increase their hiring by two percentage points for both cybersecurity as well as public relations and legal workers after suffering a breach, with important heterogeneity by firm type and industry. Using data on media and online search attention around data breaches, we further show that public scrutiny serves as an effective mechanism to encourage relatively more substantive human capital investment and thus helps to better align firms' incentives with those of the public. Given the increase in volume and severity of cyberattacks, our findings demonstrate the heterogeneous hiring responses across firms, industries, and different levels of public scrutiny, and provide guidance on how policymakers and the general public can incentivize firms to more substantively safeguard customers' data.
Keywords: Cybersecurity, Data Breaches, Substantive and Symbolic Adoption, Human Capital Acquisition, Media and Public Attention, Value of Data and Privacy
JEL Classification: D83, L86, K24, J24
Suggested Citation: Suggested Citation