Differential Market Reaction to Data Security Breaches: A Screening Perspective

Academic Article

Abstract

  • This paper aims to identify breach- and firm-level characteristics that may account for the heterogenous stock market reaction to data breaches. Drawing upon the screening theory, this paper examines the possibility of three breach characteristics (breach severity, breach locus, and breach controllability) and two firm attributes (CEO stock ownership, and corporate social responsibility (CSR) performance) serving as information screens to influence stock market reaction to a data breach incident. Using an archival dataset compiled from multiple sources, we examine 607 data breaches from 2004 to 2018 and find that the stock market reacts more negatively if a breach is more severe (i.e., involving more data records and financially sensitive consumer data), controllable (i.e., could have been prevented), and if the breached firm has weak corporate governance, as indicated by low CEO stock ownership. Furthermore, CSR provides “insurance-like” protection by attenuating the negative effects of breach severity, breach controllability, and poor corporate governance on firm value. The findings of this research highlight the relevance of screening theory as a theoretical lens for examining the contextual dependence of stock market reaction to data breaches on key breach- and firm-level characteristics.
  • Digital Object Identifier (doi)

    Start Page

  • 376
  • End Page

  • 401
  • Volume

  • 54