In this study, we seek to provide insights into the conflicting findings from prior research about whether the consequences of a cybersecurity breach spillover to non-breached bystander firms in the same industry − a phenomenon known as contagion effects. When considering the implications of a breach for a bystander firm, we suggest investors will rely on the loss heuristic and thus view loss (profit) bystander firms as more (less) likely to suffer a similar breach in the future. This will lead to greater cybersecurity breach contagion effects for loss firms than for profit firms. Furthermore, we propose that internal control quality will mitigate contagion effects and to a greater extent for loss firms than for profit firms. To test our hypotheses, we use a sample of cybersecurity breaches and identify a sample of non-breached bystander firms in the same subindustry as the breached firms. Our findings support our predictions and help explain the mixed findings from research on cybersecurity breach contagion effects. Results should also be informative to boards of directors and firm management considering ways to minimize costs associated with contagion effects.

中文翻译：

---

了解网络安全漏洞传染效应：损失启发式和内部控制的作用


在这项研究中，我们试图深入了解先前研究的相互矛盾的结果，即网络安全漏洞的后果是否会溢出到同一行业中未违规的旁观者公司——这种现象被称为传染效应。在考虑违规行为对旁观者公司的影响时，我们建议投资者依赖损失启发法，从而将损失（利润）旁观者公司视为未来遭受类似违规行为的可能性更大（更少）。这将给亏损公司带来比盈利公司更大的网络安全漏洞传染效应。此外，我们认为，内部控制质量将减轻传染效应，并且对亏损企业的影响比对盈利企业的影响更大。为了检验我们的假设，我们使用了网络安全漏洞样本，并确定了与违规公司位于同一子行业的未违规旁观者公司样本。我们的研究结果支持了我们的预测，并有助于解释网络安全漏洞传染效应研究中的复杂结果。结果还应该为董事会和公司管理层提供信息，以考虑如何最大限度地减少与传染效应相关的成本。