Too Good to Be True: Firm Social Performance and the Risk of Data Breach
成果类型:
Article
署名作者:
D'Arcy, John; Adjerid, Idris; Angst, Corey M.; Glavas, Ante
署名单位:
University of Delaware; Virginia Polytechnic Institute & State University; University of Notre Dame; University of Vermont
刊物名称:
INFORMATION SYSTEMS RESEARCH
ISSN/ISSBN:
1047-7047
DOI:
10.1287/isre.2020.0939
发表日期:
2020
页码:
1200-1223
关键词:
information-systems security
health-care security
earnings quality
financial performance
CORPORATE REPUTATION
Stakeholder theory
RESPONSIBILITY
disclosure
CSR
investments
摘要:
In this paper, we draw from research in the information systems security and management fields to theorize that a firm's social performance, as measured by its engagement in socially responsible (or irresponsible) activities (i.e., corporate social performance (CSP)), affects its likelihood of being subject to computer attacks that result in data breaches. Drawing from stakeholder theory and positioning employees and external hackers as key stakeholders of the firm with respect to information security, we propose a set of hypotheses that elaborate relationships between aspects of a firm's CSP and the likelihood of experiencing a data breach. To test our hypotheses, we compiled a unique data set that consists of publicly available data on firms' data breach incidents, external assessments of their CSP, and other firm-specific factors. Our contribution is an intriguing and previously unknown account of CSP as it relates to information security. Paradoxically, our results suggest that firms that are noted to have poor CSP records (i.e., CSP concerns) are no more likely to experience a data breach, although a positive CSP record (i.e., CSP strengths) in areas that are peripheral to core firm activities (e.g., philanthropy, recycling programs) results in an elevated likelihood of breach. Delving into this latter finding, our results suggest that firms that simultaneously have peripheral CSP strengths along with high CSP concerns in other areas are at increased risk of breach. The increased likelihood of breach for firms with seemingly disingenuous CSP records suggests that perceived greenwashing efforts that attempt to mask poor social performance make firms attractive targets for security exploitation.