Research has extensively investigated the rationale of firm diversity from the economic perspective, but little is known about how such a strategy may affect information security. The present study is the first to examine how firm diversity is relevant to firms’ likelihood to experience data breaches (i.e., data breach risk). Drawing from the strands of literature on information security, diversification, and resource-based view, we propose hypotheses on the relationship between firm diversity and data breach risk, as well as the boundary conditions of this relationship. On the basis of a twelve-year sample of publicly-listed firms, our analysis provides evidence to support the negative association between firm diversity and data breach risk. Our analysis also delineates conditions under which the effects of firm diversity can intervene to reduce the data breach risk invoked, such as under related diversity and when managers are managerially capable. For academics, our research accentuates an intriguing but unexamined benefit of firm diversity because it relates to information security. For practicing professionals, this research highlights the significant impact of firms’ operational structure on information security.

研究从经济角度广泛研究了公司多元化的基本原理，但对于这种策略如何影响信息安全知之甚少。本研究首次检验了公司多样性与公司遭受数据泄露的可能性（即数据泄露风险）之间的关系。从信息安全、多元化和基于资源的观点的大量文献中，我们提出了关于公司多元化与数据泄露风险之间关系的假设，以及这种关系的边界条件。基于公开上市公司的 12 年样本，我们的分析提供了支持公司多样性与数据泄露风险之间负相关关系的证据。我们的分析还描述了公司多元化的影响可以干预以降低所引发的数据泄露风险的条件，例如在相关的多元化和管理者具备管理能力的情况下。对于学者来说，我们的研究强调了公司多元化的一个有趣但未经检验的好处，因为它与信息安全有关。对于执业专业人士，本研究强调了公司运营结构对信息安全的重大影响。