Cybersecurity breaches and investors’ interest in the firm as an investment

Kristina C. Demek, Steven E. Kaplan

Research output: Contribution to journalArticlepeer-review

Abstract

Cybersecurity breaches pose a significant risk to firms. To combat these risks, many firms engage in strategic cybersecurity risk management initiatives. While these efforts may reduce the likelihood of a cybersecurity breach, they do not eliminate the risk of a breach. In the event of a cybersecurity breach, firms may issue an apology to investors. This study uses an experiment to examine whether a firm indicates cybersecurity risk management is a strategic initiative and whether a post-cybersecurity breach apology by the CEO impacts nonprofessional investors’ investment interest in the firm. Results show that, in response to a cybersecurity breach, the presence of a CEO apology positively impacts investors’ investment impression and their perceptions of CEO affective and CEO cognitive trust. We find that investors’ investment interest is lowest for a firm that previously indicates cybersecurity risk management is a strategic initiative and where the CEO does not issue an apology. The CEO apology, however, does not significantly impact investment amount, a secondary measure of investor interest. Results from this study have implications for managers, investors, and regulators.

Original languageEnglish (US)
Article number100616
JournalInternational Journal of Accounting Information Systems
Volume49
DOIs
StatePublished - Jun 2023
Externally publishedYes

Keywords

  • Apology
  • CEO affective trust
  • CEO cognitive trust
  • Cybersecurity risk management
  • Data breach
  • Non-professional investors

ASJC Scopus subject areas

  • Management Information Systems
  • Accounting
  • Finance
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Cybersecurity breaches and investors’ interest in the firm as an investment'. Together they form a unique fingerprint.

Cite this