Ever-increasing data breach incidents are destroying firms’ operations and financial sustainability. We examine the association between corporate social irresponsibility (CSIR) and data breach incidents, stock market reactions to these incidents, and how the affected firms respond to data breaches. Using a sample of 24,456 observations from 2005 to 2018, we find a positive and significant association between CSIR and the occurrence of data breaches. More importantly, CSIR, regarding employee, community, and corporate governance issues, is more likely to result in internal data breaches, and environmental concerns can trigger external attacks. In contrast, product concerns can lead to both internal breaches and external attacks. Consistent with our prediction, the negative stock market reaction to data breaches is more pronounced in CSIR than in non-CSIR firms. Finally, we show that firms respond to data breaches by establishing corporate social responsibility (CSR) committees. Firms with such committees, especially those with robust CSR committees, are more likely to react to data breaches by mitigating CSIR. Our results offer important and timely policy, practice, and research implications as data breaches persist.

中文翻译：

---

企业社会不责任与数据泄露的发生：利益相关者管理的视角


不断增加的数据泄露事件正在破坏公司的运营和财务可持续性。我们研究了企业社会不责任 (CSIR) 与数据泄露事件之间的关联、股市对这些事件的反应以及受影响的公司如何应对数据泄露。使用 2005 年至 2018 年的 24,456 个观察样本，我们发现 CSIR 与数据泄露的发生之间存在显着的正相关关系。更重要的是，CSIR涉及员工、社区和公司治理问题，更容易导致内部数据泄露，而环境问题则可能引发外部攻击。相比之下，产品问题可能会导致内部违规和外部攻击。与我们的预测一致，CSIR 中的股票市场对数据泄露的负面反应比非 CSIR 中的公司更为明显。最后，我们表明企业通过建立企业社会责任（CSR）委员会来应对数据泄露。拥有此类委员会的公司，尤其是拥有强大的企业社会责任委员会的公司，更有可能通过减轻 CSIR 来应对数据泄露。随着数据泄露事件持续存在，我们的研究结果提供了重要且及时的政策、实践和研究启示。