Unpacking Firms’ Non-Market Responses to Data Breaches: Evidence from Cybersecurity Lobbying Activities

40 Pages Posted: 10 Nov 2022 Last revised: 7 Mar 2023

See all articles by Boshuo Li

Boshuo Li

University of Miami - Department of Management

Yuxiang Xie

Xiamen University - Wang Yanan Institute for Studies in Economics (WISE)

Yili Hong

University of Miami Herbert Business School

Wei Shi

University of Miami; University of Miami - Department of Management

Date Written: October 31, 2022

Abstract

As well documented in the Information Systems (IS) literature, in addressing the negative impact of data breaches, firms often make internal organizational adaptations and investments to satisfy the demands of market participants. In this study, by contrast, we explore how firms pursue non-market actions that can shape firms’ external regulatory environment in response to data breach incidents. Specifically, we conceptually propose and empirically examine the association between data breaches and a common non-market activity – cybersecurity lobbying. Based on econometric analyses of U.S. publicly listed firms, we find that data breach incidents increase firms’ demands for reinforcing cybersecurity laws and regulations, heightening firms’ cybersecurity lobbying activities, which provides firms with a direct channel to influence decisions made by legislators and regulators and navigate cybersecurity laws and regulations toward alignment with the firms’ interests. We also find that such effect is stronger in the presence of advanced risk management techniques, which endow firms with well-prepared incident response plans for data breaches. This effect is also stronger for firms with greater commitments to cybersecurity innovation, which emphasizes the importance of leveraging non-market tools to materialize returns from market investments. In addition, this effect mainly exists in terms of cybersecurity lobbying on cooperative laws rather than coercive laws, suggesting that firms subject to data breaches mainly lobby for enhancing cybersecurity infrastructures and disclosure rules instead of reinforcing investigations and punishments on criminals. This study contributes to the IS literature by unpacking cybersecurity lobbying as an important non-market response to data breaches and highlighting the role of firms in shaping cybersecurity laws and regulations.

Keywords: Data breach, Cybersecurity, Lobbying, Non-market activity, Public firms

Suggested Citation

Li, Boshuo and Xie, Yuxiang and Hong, Yili and Shi, Wei and Shi, Wei, Unpacking Firms’ Non-Market Responses to Data Breaches: Evidence from Cybersecurity Lobbying Activities (October 31, 2022). Available at SSRN: https://ssrn.com/abstract=4263031 or http://dx.doi.org/10.2139/ssrn.4263031

Boshuo Li

University of Miami - Department of Management ( email )

United States

Yuxiang Xie

Xiamen University - Wang Yanan Institute for Studies in Economics (WISE) ( email )

A 307, Economics Building
Xiamen, Fujian 10246
China

Yili Hong (Contact Author)

University of Miami Herbert Business School ( email )

P.O. Box 248126
Florida
Coral Gables, FL 33124
United States

Wei Shi

University of Miami ( email )

FL FL
United States

University of Miami - Department of Management ( email )

United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
237
Abstract Views
1,176
Rank
237,230
PlumX Metrics