In an era of growing social activism, companies engaged in socially irresponsible practices are increasingly vulnerable to data breaches, resulting in substantial reputational and financial losses. This study examines how corporate social irresponsibility (CSI) influences a company's data breach risk. We argue that CSI has an impact on data breach risk by influencing the intentional behaviors of both employees and external hackers. Given that CSI is a broad concept and can take on various forms, we further examine whether some forms of CSI pose a more significant threat than others. Our empirical analysis of data breaches in publicly listed US firms from 2005 to 2017 indicates that compared to the forms of CSI that violate broader social norms (e.g., environmental damages), CSI activities that jeopardize a company's economic value delivery (e.g., product deficiencies) play a more dominant role in driving data breach risk. Furthermore, we find that corporate social responsibility (CSR) can have a dual impact on moderating the relationship between CSI and data breaches. While CSR often helps mitigate CSI-induced data breach risk, this risk is heightened when both CSR and CSI relate to a firm's economic value delivery. This study provides critical insights into how companies can navigate complex data breach risk by managing their social performance.

中文翻译：

---

注重基础？企业社会不责任与数据泄露风险关系调查


在社会活动日益盛行的时代，从事对社会不负责任行为的公司越来越容易受到数据泄露的影响，从而导致巨大的声誉和财务损失。本研究探讨了企业社会不责任 (CSI) 如何影响公司的数据泄露风险。我们认为 CSI 通过影响员工和外部黑客的故意行为来影响数据泄露风险。鉴于 CSI 是一个广泛的概念，可以采取多种形式，我们进一步研究某些形式的 CSI 是否比其他形式构成更重大的威胁。我们对 2005 年至 2017 年美国上市公司数据泄露事件的实证分析表明，与违反更广泛社会规范（例如环境破坏）的 CSI 形式相比，危害公司经济价值交付（例如产品缺陷）的 CSI 活动在推动数据泄露风险方面发挥更主导作用。此外，我们发现企业社会责任 (CSR) 可以对调节 CSI 和数据泄露之间的关系产生双重影响。虽然企业社会责任通常有助于减轻 CSI 引发的数据泄露风险，但当企业社会责任和 CSI 都与公司的经济价值交付相关时，这种风险就会加剧。这项研究为企业如何通过管理其社交绩效来应对复杂的数据泄露风险提供了重要的见解。