IDEAS home Printed from https://ideas.repec.org/a/inm/orisre/v31y2020i4p1200-1223.html
   My bibliography  Save this article

Too Good to Be True: Firm Social Performance and the Risk of Data Breach

Author

Listed:
  • John D’Arcy

    (Department of Accounting and Management Information Systems, University of Delaware, Newark, Delaware 19716)

  • Idris Adjerid

    (Department of Business Information Technology, Virginia Tech, Blacksburg, Virginia 24061)

  • Corey M. Angst

    (Department of Information Technology, Analytics, and Operations, University of Notre Dame, Notre Dame, Indiana 46556)

  • Ante Glavas

    (Grossman School of Business, University of Vermont, Burlington, Vermont 05405)

Abstract

In this paper, we draw from research in the information systems security and management fields to theorize that a firm’s social performance, as measured by its engagement in socially responsible (or irresponsible) activities (i.e., corporate social performance (CSP)), affects its likelihood of being subject to computer attacks that result in data breaches. Drawing from stakeholder theory and positioning employees and external hackers as key stakeholders of the firm with respect to information security, we propose a set of hypotheses that elaborate relationships between aspects of a firm’s CSP and the likelihood of experiencing a data breach. To test our hypotheses, we compiled a unique data set that consists of publicly available data on firms’ data breach incidents, external assessments of their CSP, and other firm-specific factors. Our contribution is an intriguing and previously unknown account of CSP as it relates to information security. Paradoxically, our results suggest that firms that are noted to have poor CSP records (i.e., CSP concerns) are no more likely to experience a data breach, although a positive CSP record (i.e., CSP strengths) in areas that are peripheral to core firm activities (e.g., philanthropy, recycling programs) results in an elevated likelihood of breach. Delving into this latter finding, our results suggest that firms that simultaneously have peripheral CSP strengths along with high CSP concerns in other areas are at increased risk of breach. The increased likelihood of breach for firms with seemingly disingenuous CSP records suggests that perceived “greenwashing” efforts that attempt to mask poor social performance make firms attractive targets for security exploitation.

Suggested Citation

  • John D’Arcy & Idris Adjerid & Corey M. Angst & Ante Glavas, 2020. "Too Good to Be True: Firm Social Performance and the Risk of Data Breach," Information Systems Research, INFORMS, vol. 31(4), pages 1200-1223, December.
    • Handle: RePEc:inm:orisre:v:31:y:2020:i:4:p:1200-1223
    DOI: 10.1287/isre.2020.0939
    as

    Download full text from publisher

    File URL: https://doi.org/10.1287/isre.2020.0939
    Download Restriction: no
    File URL: https://libkey.io/10.1287/isre.2020.0939?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Sandra A. Waddock & Samuel B. Graves, 1997. "The Corporate Social Performance–Financial Performance Link," Strategic Management Journal, Wiley Blackwell, vol. 18(4), pages 303-319, April.
    2. Clyde Eiríkur Hull & Sandra Rothenberg, 2008. "Firm performance: the interactions of corporate social performance with innovation and industry differentiation," Strategic Management Journal, Wiley Blackwell, vol. 29(7), pages 781-789, July.
    3. Chieh-Peng Lin & Shwu-Chuan Chen & Chou-Kang Chiu & Wan-Yu Lee, 2011. "Understanding Purchase Intention During Product-Harm Crises: Moderating Effects of Perceived Corporate Ability and Corporate Social Responsibility," Journal of Business Ethics, Springer, vol. 102(3), pages 455-471, September.
    4. Gergely Nyilasy & Harsha Gangadharbatla & Angela Paladino, 2014. "Perceived Greenwashing: The Interactive Effects of Green Advertising and Corporate Environmental Performance on Consumer Reactions," Journal of Business Ethics, Springer, vol. 125(4), pages 693-707, December.
    5. S. Hansen & Benjamin Dunford & Alan Boss & R. Boss & Ingo Angermeier, 2011. "Corporate Social Responsibility and the Benefits of Employee Trust: A Cross-Disciplinary Perspective," Journal of Business Ethics, Springer, vol. 102(1), pages 29-45, August.
    6. Vanessa M Strike & Jijun Gao & Pratima Bansal, 2006. "Being good while being bad: social responsibility and the international diversification of US firms," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 37(6), pages 850-862, November.
    7. Jennifer Francis & Dhananjay Nanda & Per Olsson, 2008. "Voluntary Disclosure, Earnings Quality, and Cost of Capital," Journal of Accounting Research, Wiley Blackwell, vol. 46(1), pages 53-99, March.
    8. Christopher Marquis & Michael W. Toffel & Yanhua Zhou, 2016. "Scrutiny, Norms, and Selective Disclosure: A Global Study of Greenwashing," Organization Science, INFORMS, vol. 27(2), pages 483-504, April.
    9. Jaepil Choi & Heli Wang, 2009. "Stakeholder relations and the persistence of corporate financial performance," Strategic Management Journal, Wiley Blackwell, vol. 30(8), pages 895-907, August.
    10. Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    11. Sora Kim, 2014. "What’s Worse in Times of Product-Harm Crisis? Negative Corporate Ability or Negative CSR Reputation?," Journal of Business Ethics, Springer, vol. 123(1), pages 157-170, August.
    12. Stephen J. Brammer & Stephen Pavelin, 2006. "Corporate Reputation and Social Performance: The Importance of Fit," Journal of Management Studies, Wiley Blackwell, vol. 43(3), pages 435-455, May.
    13. Timothy D. Hubbard & Dane M. Christensen & Scott D. Graffin, 2017. "Higher Highs and Lower Lows: The Role of Corporate Social Responsibility in CEO Dismissal," Strategic Management Journal, Wiley Blackwell, vol. 38(11), pages 2255-2265, November.
    14. Ramakrishna Ayyagari, 2012. "An Exploratory Analysis of Data Breaches from 2005-2011: Trends and Insights," Journal of Information Privacy and Security, Taylor & Francis Journals, vol. 8(2), pages 33-56, April.
    15. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    16. Y. Sekou Bermiss & Edward J. Zajac & Brayden G King, 2014. "Under Construction: How Commensuration and Management Fashion Affect Corporate Reputation Rankings," Organization Science, INFORMS, vol. 25(2), pages 591-608, April.
    17. Anandhi S. Bharadwaj & Sundar G. Bharadwaj & Benn R. Konsynski, 1999. "Information Technology Effects on Firm Performance as Measured by Tobin's q," Management Science, INFORMS, vol. 45(7), pages 1008-1024, July.
    18. Yu-Shan Chen & Chang-Liang Lin & Ching-Hsun Chang, 2014. "The influence of greenwash on green word-of-mouth (green WOM): the mediation effects of green perceived quality and green satisfaction," Quality & Quantity: International Journal of Methodology, Springer, vol. 48(5), pages 2411-2425, September.
    19. Magda B. L. Donia & Sigalit Ronen & Carol-Ann Tetrault Sirsly & Silvia Bonaccio, 2019. "CSR by Any Other Name? The Differential Impact of Substantive and Symbolic CSR Attributions on Employee Outcomes," Journal of Business Ethics, Springer, vol. 157(2), pages 503-523, June.
    20. Thomas P. Lyon & John W. Maxwell, 2011. "Greenwash: Corporate Environmental Disclosure under Threat of Audit," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 20(1), pages 3-41, March.
    21. David P. Baron & Daniel Diermeier, 2007. "Introduction to the Special Issue on Nonmarket Strategy and Social Responsibility," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 16(3), pages 539-545, September.
    22. King, Gary & Zeng, Langche, 2001. "Logistic Regression in Rare Events Data," Political Analysis, Cambridge University Press, vol. 9(2), pages 137-163, January.
    23. Sam Ransbotham & Sabyasachi Mitra, 2009. "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise," Information Systems Research, INFORMS, vol. 20(1), pages 121-139, March.
    24. Dylan Minor, 2015. "The Value of Corporate Citizenship: Protection," Harvard Business School Working Papers 16-021, Harvard Business School.
    25. Cynthia A. Montgomery & Birger Wernerfelt, 1988. "Diversification, Ricardian Rents, and Tobin's q," RAND Journal of Economics, The RAND Corporation, vol. 19(4), pages 623-632, Winter.
    26. Jack Shih-Chieh Hsu & Sheng-Pao Shih & Yu Wen Hung & Paul Benjamin Lowry, 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information Systems Research, INFORMS, vol. 26(2), pages 282-300, June.
    27. David P. Baron, 2009. "A Positive Theory of Moral Management, Social Pressure, and Corporate Social Performance," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 18(1), pages 7-43, March.
    28. Christopher Marquis & Cuili Qian, 2014. "Corporate Social Responsibility Reporting in China: Symbol or Substance?," Organization Science, INFORMS, vol. 25(1), pages 127-148, February.
    29. Parthiban David & Matt Bloom & Amy J. Hillman, 2007. "Investor activism, managerial responsiveness, and corporate social performance," Strategic Management Journal, Wiley Blackwell, vol. 28(1), pages 91-100, January.
    30. Ioannis Ioannou & George Serafeim, 2015. "The impact of corporate social responsibility on investment recommendations: Analysts' perceptions and shifting institutional logics," Strategic Management Journal, Wiley Blackwell, vol. 36(7), pages 1053-1081, July.
    31. Donia, Magda B.L. & Tetrault Sirsly, Carol-Ann, 2016. "Determinants and consequences of employee attributions of corporate social responsibility as substantive or symbolic," European Management Journal, Elsevier, vol. 34(3), pages 232-242.
    32. Aguinis, Herman & Glavas, Ante, 2013. "Embedded Versus Peripheral Corporate Social Responsibility: Psychological Foundations," Industrial and Organizational Psychology, Cambridge University Press, vol. 6(4), pages 314-332, December.
    33. Julian F. Kölbel & Timo Busch & Leonhardt M. Jancso, 2017. "How Media Coverage of Corporate Social Irresponsibility Increases Financial Risk," Strategic Management Journal, Wiley Blackwell, vol. 38(11), pages 2266-2284, November.
    34. Aaron K. Chatterji & Michael W. Toffel, 2010. "How firms respond to being rated," Strategic Management Journal, Wiley Blackwell, vol. 31(9), pages 917-945, September.
    35. Paul C. Godfrey & Craig B. Merrill & Jared M. Hansen, 2009. "The relationship between corporate social responsibility and shareholder value: an empirical test of the risk management hypothesis," Strategic Management Journal, Wiley Blackwell, vol. 30(4), pages 425-445, April.
    36. Kar Yan Tam, 1998. "The Impact of Information Technology Investments on Firm Performance and Evaluation: Evidence from Newly Industrialized Economies," Information Systems Research, INFORMS, vol. 9(1), pages 85-98, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Jin Li & Wei Xiao & Chong Zhang, 2023. "Data security crisis in universities: identification of key factors affecting data breach incidents," Palgrave Communications, Palgrave Macmillan, vol. 10(1), pages 1-18, December.
    2. Choi, Hyoung-Yong & Park, Junyoung, 2022. "Do data-driven CSR initiatives improve CSR performance? The importance of big data analytics capability," Technological Forecasting and Social Change, Elsevier, vol. 182(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Saridakis, Charalampos & Angelidou, Sofia & Woodside, Arch G., 2020. "What type of CSR engagement suits my firm best? Evidence from an abductively-derived typology," Journal of Business Research, Elsevier, vol. 108(C), pages 174-187.
    2. Hans B. Christensen & Luzi Hail & Christian Leuz, 2021. "Mandatory CSR and sustainability reporting: economic analysis and literature review," Review of Accounting Studies, Springer, vol. 26(3), pages 1176-1248, September.
    3. Tai-Hsi Wu & Hsiang-Lin Chih & Mei-Chen Lin & Yi Hua Wu, 2020. "A Data Envelopment Analysis-Based Methodology Adopting Assurance Region Approach for Measuring Corporate Social Performance," Social Indicators Research: An International and Interdisciplinary Journal for Quality-of-Life Measurement, Springer, vol. 148(3), pages 863-892, April.
    4. Saridakis, Charalampos & Angelidou, Sofia & Woodside, Arch G., 2023. "How historical and social aspirations reshape the relationship between corporate financial performance and corporate social responsibility," Journal of Business Research, Elsevier, vol. 157(C).
    5. Olga Hawn, 2021. "How media coverage of corporate social responsibility and irresponsibility influences cross‐border acquisitions," Strategic Management Journal, Wiley Blackwell, vol. 42(1), pages 58-83, January.
    6. Jun Li & Di (Andrew) Wu, 2020. "Do Corporate Social Responsibility Engagements Lead to Real Environmental, Social, and Governance Impact?," Management Science, INFORMS, vol. 66(6), pages 2564-2588, June.
    7. Woon Leong Lin & Chin Lee & Siong Hook Law, 2021. "Asymmetric effects of corporate sustainability strategy on value creation among global automotive firms: A dynamic panel quantile regression approach," Business Strategy and the Environment, Wiley Blackwell, vol. 30(2), pages 931-954, February.
    8. Aseem Kaul & Jiao Luo, 2018. "An economic case for CSR: The comparative efficiency of for‐profit firms in meeting consumer demand for social goods," Strategic Management Journal, Wiley Blackwell, vol. 39(6), pages 1650-1677, June.
    9. Francisco Javier Forcadell & Antonio Lorena & Elisa Aracil, 2023. "The firm under the spotlight: How stakeholder scrutiny shapes corporate social responsibility and its influence on performance," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 30(3), pages 1258-1272, May.
    10. Silvia Ruiz-Blanco & Silvia Romero & Belen Fernandez-Feijoo, 2022. "Green, blue or black, but washing–What company characteristics determine greenwashing?," Environment, Development and Sustainability: A Multidisciplinary Approach to the Theory and Practice of Sustainable Development, Springer, vol. 24(3), pages 4024-4045, March.
    11. Byung‐Jik Kim & Youngkyun Chang & Tae‐Hyun Kim, 2023. "Translating corporate social responsibility into financial performance: Exploring roles of work engagement and strategic coherence," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 30(5), pages 2555-2573, September.
    12. Ting-Ting Li & Kai Wang & Toshiyuki Sueyoshi & Derek D. Wang, 2021. "ESG: Research Progress and Future Prospects," Sustainability, MDPI, vol. 13(21), pages 1-28, October.
    13. Jennifer L. Robertson & A. Wren Montgomery & Timur Ozbilir, 2023. "Employees' response to corporate greenwashing," Business Strategy and the Environment, Wiley Blackwell, vol. 32(7), pages 4015-4027, November.
    14. Giovanni Catello Landi & Francesca Iandolo & Antonio Renzi & Andrea Rey, 2022. "Embedding sustainability in risk management: The impact of environmental, social, and governance ratings on corporate financial risk," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 29(4), pages 1096-1107, July.
    15. Andrew Bryant & Jennifer J. Griffin & Vanessa G. Perry, 2020. "Mitigating climate change: A role for regulations and risk‐taking," Business Strategy and the Environment, Wiley Blackwell, vol. 29(2), pages 605-618, February.
    16. Jacob Brower & Peter A. Dacin, 2020. "An Institutional Theory Approach to the Evolution of the Corporate Social Performance – Corporate Financial Performance Relationship," Journal of Management Studies, Wiley Blackwell, vol. 57(4), pages 805-836, June.
    17. Emily S. Block & Ante Glavas & Michael J. Mannor & Laura Erskine, 2017. "Business for Good? An Investigation into the Strategies Firms Use to Maximize the Impact of Financial Corporate Philanthropy on Employee Attitudes," Journal of Business Ethics, Springer, vol. 146(1), pages 167-183, November.
    18. Jin‐Ki Hong & Ji‐Hwan Lee & Taewoo Roh, 2022. "The effects of CEO narcissism on corporate social responsibility and irresponsibility," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(6), pages 1926-1940, September.
    19. Yuan Yuan & Gaoliang Tian & Louise Yi Lu & Yangxin Yu, 2019. "CEO Ability and Corporate Social Responsibility," Journal of Business Ethics, Springer, vol. 157(2), pages 391-411, June.
    20. Chiu, Sana (Shih-chi) & Hoskisson, Robert E. & Tony Kong, Dejun & Li, Andrew & Shao, Ping, 2023. "Predicting primary and secondary stakeholder engagement: A CEO motivation-means contingency model," Journal of Business Research, Elsevier, vol. 160(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:orisre:v:31:y:2020:i:4:p:1200-1223. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.