Many firms cite cyber risk as a primary risk factor due to the increase in cybersecurity breach (CSB) incidents. Existing research focuses on the negative, short-term impacts from CSBs, but the longer-term impact is still unknown. Our study investigates a firm's level of innovation following a CSB as an important determinant of firm growth and profitability. Examining reported breaches from 2005-2014, we find a 10 percent decline in research and development (R&D) spending in the year following a CSB. Further investigation indicates that firms for which R&D is not the primary business model drive the results. We also provide evidence of a decrease in patents two years after a breach, an increase in cash holdings in the year after the breach, and a decrease in investment efficiency four years following the breach. Our aggregate results suggest that CSBs are associated with future strategic decisions involving firm-level innovation and investment decisions.

This content is only available as a PDF.
You do not currently have access to this content.