EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Too Good to Be True: Firm Social Performance and the Risk of Data Breach

John D’Arcy (), Idris Adjerid (), Corey M. Angst () and Ante Glavas ()
Additional contact information
John D’Arcy: Department of Accounting and Management Information Systems, University of Delaware, Newark, Delaware 19716
Idris Adjerid: Department of Business Information Technology, Virginia Tech, Blacksburg, Virginia 24061
Corey M. Angst: Department of Information Technology, Analytics, and Operations, University of Notre Dame, Notre Dame, Indiana 46556
Ante Glavas: Grossman School of Business, University of Vermont, Burlington, Vermont 05405

Information Systems Research, 2020, vol. 31, issue 4, 1200-1223

Abstract: In this paper, we draw from research in the information systems security and management fields to theorize that a firm’s social performance, as measured by its engagement in socially responsible (or irresponsible) activities (i.e., corporate social performance (CSP)), affects its likelihood of being subject to computer attacks that result in data breaches. Drawing from stakeholder theory and positioning employees and external hackers as key stakeholders of the firm with respect to information security, we propose a set of hypotheses that elaborate relationships between aspects of a firm’s CSP and the likelihood of experiencing a data breach. To test our hypotheses, we compiled a unique data set that consists of publicly available data on firms’ data breach incidents, external assessments of their CSP, and other firm-specific factors. Our contribution is an intriguing and previously unknown account of CSP as it relates to information security. Paradoxically, our results suggest that firms that are noted to have poor CSP records (i.e., CSP concerns) are no more likely to experience a data breach, although a positive CSP record (i.e., CSP strengths) in areas that are peripheral to core firm activities (e.g., philanthropy, recycling programs) results in an elevated likelihood of breach. Delving into this latter finding, our results suggest that firms that simultaneously have peripheral CSP strengths along with high CSP concerns in other areas are at increased risk of breach. The increased likelihood of breach for firms with seemingly disingenuous CSP records suggests that perceived “greenwashing” efforts that attempt to mask poor social performance make firms attractive targets for security exploitation.

Keywords: data breach; corporate social performance; stakeholder theory; information security; information security management; Longitudinal; panel data; econometric analysis (search for similar items in EconPapers)
Date: 2020
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (4)

Downloads: (external link)
https://doi.org/10.1287/isre.2020.0939 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:inm:orisre:v:31:y:2020:i:4:p:1200-1223

Access Statistics for this article

More articles in Information Systems Research from INFORMS Contact information at EDIRC.
Bibliographic data for series maintained by Chris Asher ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:inm:orisre:v:31:y:2020:i:4:p:1200-1223