Corporate Governance, Social Responsibility, and Data Breaches

We study whether corporate governance and social responsibility are related to data breaches. We find that socially responsible companies with smaller boards and greater financial expertise are less likely to be breached. The financial impact of a breach is visible in the long term. Specifically, data-breach firms have -3.5% one-year buy-and-hold abnormal returns. Additionally, banks with breaches have significant declines in deposits and nonbanks have significant declines in sales in the long run. Finally, we find that following a data breach, companies are more likely to replace their chief executive officer and chief technology officer as well as improve their governance and social responsibility.