The Role of Peer Events in Corporate Governance: Evidence from Data Breaches
研究发现,同行公司发生数据泄露后,未受影响的公司会减少内部控制重大缺陷,并更可能聘请网络安全专家,表明负面同行事件能促进公司治理改善。
ABSTRACT Economic theory suggests that negative peer events can result in market-wide spillovers that help unaffected firms take real actions to enhance corporate governance. Motivated by the SEC's concern about cybersecurity, I study the role of peer events in corporate governance using the setting of data breaches. While controlling for firm-specific time-varying unobservable characteristics, I find that peer data breaches are associated with a reduction in future internal control material weaknesses for non-breached firms. The association is robust to a changes analysis and varies cross-sectionally with breach, firm, and board characteristics. Inferences remain consistent when studying IT-related material weaknesses only. Finally, non-breached firms are more likely to have a cybersecurity expert on the top management team after a peer breach. My findings have important implications for mandatory disclosure regulation in general and, in particular, suggest that regulators can help reduce market-wide exposure to cyber risk by facilitating disclosure of cyber incidents. Data Availability: All data used in the study are publicly available. JEL Classifications: G34; M15.