ABSTRACT

Many firms cite cyber risk as a primary risk factor due to the increase in cybersecurity breach (CSB) incidents. Existing research focuses on the negative, short-term impacts from CSBs, but the longer-term impact is still unknown. Our study investigates firms' levels of innovation following a CSB as an important determinant of firm growth and profitability. Examining reported breaches from 2005–2014, we find a 10 percent decline in research and development spending in the year following a CSB. Further investigation indicates that firms for which R&D is not the primary business model drive the results. We also provide evidence of a decrease in patents two years after a breach, an increase in cash holdings in the year after the breach, and a decrease in investment efficiency four years following the breach. Our aggregate results suggest that CSBs are associated with future strategic decisions involving firm-level innovation and investment decisions.

Data Availability: Data are available from the public sources cited in the text.

You do not currently have access to this content.