Human Capital Acquisition in Response to Data Breaches

Bana, Sarah; Brynjolfsson, Erik; Jin, Wang; Steffen, Sebastian; Wang, Xiupeng

doi:10.2139/ssrn.3806060

Download This Paper

Open PDF in Browser

Add Paper to My Library

Human Capital Acquisition in Response to Data Breaches

55 Pages Posted: 18 Mar 2021 Last revised: 7 Aug 2023

See all articles by Sarah Bana

Sarah Bana

Stanford University; Chapman University - The George L. Argyros College of Business and Economics

Erik Brynjolfsson

National Bureau of Economic Research (NBER); Stanford

Sebastian Steffen

Boston College - Carroll School of Management; Stanford Digital Economy Lab (S-DEL); Massachusetts Institute of Technology (MIT) - Initiative on the Digital Economy; MIT Sloan School of Management

Xiupeng Wang

Northeastern University - D’Amore-McKim School of Business; Stanford Digital Economy Lab; Boston University

Date Written: June 30, 2023

Abstract

As data security threats become more frequent and costly, it is increasingly important to understand how firms strategically acquire human capital in response to data breaches. We analyze such threats by combining unique information on data breach events with detailed firm-level job posting data and show that breached firms significantly increase their demand for cybersecurity workers in the quarters following a breach. To differentiate the varied cybersecurity roles that firms seek, we use the widely-used Cybersecurity Workforce Framework of the National Initiative for Cybersecurity Education (NICE) and find that firms predominantly hire for managing and developing cybersecurity strategy, and for identifying, analyzing, and mitigating threats to IT systems. We further observe that firms respond to breaches by hiring not only cybersecurity workers but also public relations workers, with the latter occurring more quickly, suggesting that firms rely on these workers to manage trust and external communications. To improve the interpretation of a causal relationship between data breaches and increased investment in cybersecurity-related human capital, we conduct tests of parallel trend and falsification tests using non-cyber data breaches, propensity score matching, and staggered Difference-in-Difference methods for multiple treatment timing and heterogeneous treatment effects. Overall, we demonstrate the important role of human capital investments in firms’ post-breach incident responses.

Keywords: Cybersecurity, Data Breaches, Human Capital Acquisition, Value of Data and Privacy, Incident Response

JEL Classification: D83, L86, K24, J24

Suggested Citation: Suggested Citation

Bana, Sarah and Brynjolfsson, Erik and Jin, Wang and Steffen, Sebastian and Wang, Xiupeng, Human Capital Acquisition in Response to Data Breaches (June 30, 2023). Available at SSRN: https://ssrn.com/abstract=3806060 or http://dx.doi.org/10.2139/ssrn.3806060