IDEAS home Printed from https://ideas.repec.org/a/eee/finlet/v78y2025ics1544612325004349.html

Does cybersecurity regulation reduce corporate data-breach risk?

Author

Listed:
  • Gao, Lujia
  • Chen, Zhaoying
  • Zhao, Wei
  • Lai, Xuanyu

Abstract

This study examines the impact of cybersecurity regulation on corporate data-breach risk, leveraging China's Cybersecurity Law implementation as a quasi-natural experiment. Using data from 3,761 Chinese firms from 2007 to 2022, this study reveals that cybersecurity regulation effectively mitigates data-breach risk by enhancing firms’ cybersecurity cultures and systems. Subsequent heterogeneity analysis reveals that the effect is more pronounced for non-state-owned enterprises and high-tech industries. This study contributes to the literature on cybersecurity and data breaches, providing policymakers with insights to optimize cybersecurity regulations.

Suggested Citation

  • Gao, Lujia & Chen, Zhaoying & Zhao, Wei & Lai, Xuanyu, 2025. "Does cybersecurity regulation reduce corporate data-breach risk?," Finance Research Letters, Elsevier, vol. 78(C).
    • Handle: RePEc:eee:finlet:v:78:y:2025:i:c:s1544612325004349
    DOI: 10.1016/j.frl.2025.107171
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1544612325004349
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.frl.2025.107171?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Wang, Jimin & Ho, Choy Yeing (Chloe) & Shan, Yuan George, 2024. "Does cybersecurity risk stifle corporate innovation activities?," International Review of Financial Analysis, Elsevier, vol. 91(C).
    2. Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
    3. Li, Ling & He, Wu & Xu, Li & Ash, Ivan & Anwar, Mohd & Yuan, Xiaohong, 2019. "Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior," International Journal of Information Management, Elsevier, vol. 45(C), pages 13-24.
    4. Lattanzio, Gabriele & Ma, Yue, 2023. "Cybersecurity risk and corporate innovation," Journal of Corporate Finance, Elsevier, vol. 82(C).
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Xu, Jing, 2025. "Cybersecurity governance and corporate innovation: evidence from China," Finance Research Letters, Elsevier, vol. 82(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Lin, Weizheng & Wang, Chih-Wei & Li, Ying-Jie & Chen, Jian-Yun, 2025. "From green to digital: Exploring the role of ecological footprints on cybersecurity risk," Energy Economics, Elsevier, vol. 146(C).
    2. Patel, Pankaj C., 2025. "Anchored by reliability, swayed by institutional forces: Cybersecurity risk deviance from industry norms and its contingencies on risk and volatility," Journal of Business Research, Elsevier, vol. 199(C).
    3. Tan, Weijie & Guo, Binhua & Zhang, Qiantao, 2025. "Cybersecurity governance and corporate market value: Perspectives from investor trust and supply chain trust," Pacific-Basin Finance Journal, Elsevier, vol. 90(C).
    4. Lee, Chien-Chiang & Wang, Chih-Wei & Lin, Weizheng & Chen, En-Jia, 2025. "Cyber risk and corporate share repurchases," International Review of Financial Analysis, Elsevier, vol. 103(C).
    5. Jin, Xianglan & Cui, Huizhu & Liu, Fengwei & Hu, Ziqiang & Cai, Yonghao, 2025. "Does cybersecurity regulation promote digital transformation? Evidence from the Cyber Security Law in China," Finance Research Letters, Elsevier, vol. 76(C).
    6. Ou, Carol & Zhang, Xiaowei & Angelopoulos, Spyros & Davison, Robert & Janse, Noury, 2022. "Security breaches and organization response strategy : Exploring consumers’ threat and coping appraisals," Other publications TiSEM 9ac0c2eb-87e8-4c1d-a0b0-c, Tilburg University, School of Economics and Management.
    7. Dinh, Thao & Chou, Hsin-I & Zhao, Jing, 2025. "Cybersecurity risk and firm investment efficiency," Finance Research Letters, Elsevier, vol. 85(PE).
    8. Godsway Korku Tetteh & Chuks Otioma, 2025. "Cyberattack, cyber risk mitigation capabilities, and firm productivity in Kenya," Small Business Economics, Springer, vol. 64(3), pages 1493-1514, March.
    9. Xu, Jing, 2025. "Cybersecurity governance and corporate innovation: evidence from China," Finance Research Letters, Elsevier, vol. 82(C).
    10. Sulong, Zunaidah & Fuszder, Md. Habibur Rahman & Abdullah, Mohammad & Abakah, Emmanuel Joel Aikins, 2025. "Cybersecurity risk and bank risk-taking," Journal of Behavioral and Experimental Finance, Elsevier, vol. 47(C).
    11. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    12. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    13. Huy Viet Hoang, 2025. "Who Pays for Cybersecurity? Corporate Dividends in Response to Cybersecurity Risk in US Firms," Journal of the Knowledge Economy, Springer;Portland International Center for Management of Engineering and Technology (PICMET), vol. 16(6), pages 18085-18123, December.
    14. Mauro Caselli & Edwin Fourrier-Nicolai & Andrea Fracasso & Sergio Scicchitano, 2024. "Digital Technologies and Firms’ Employment and Training," CESifo Working Paper Series 11056, CESifo.
    15. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    16. Chang, Tsung-Sheng & Hsieh, Yao-Chian, 2024. "Applying the analytic hierarchy process for investigating key indicators of responsible innovation in the Taiwan software service industry," Technology in Society, Elsevier, vol. 78(C).
    17. Haqaf, Husam & Koyuncu, Murat, 2018. "Understanding key skills for information security managers," International Journal of Information Management, Elsevier, vol. 43(C), pages 165-172.
    18. Mahalasmi Radhakrishnan & Mohammad Nurul Hassan Reza & Abdullah Al Mamun & Muhammad Mehedi Masud & Zafir Khan Mohamed Makhbul, 2025. "Behavioral insights into insurance purchase among flash flood survivors in Malaysia," Humanities and Social Sciences Communications, Palgrave Macmillan, vol. 12(1), pages 1-14, December.
    19. Chelsea Liu & Muhammad Ali Babar, 2026. "Corporate cybersecurity risk and data breaches: A systematic review of empirical research," Australian Journal of Management, Australian School of Business, vol. 51(1), pages 62-92, February.
    20. Han, Kookyoung & Choi, Jin Hyuk, 2023. "Implications of false alarms in dynamic games on cyber-security," Chaos, Solitons & Fractals, Elsevier, vol. 169(C).

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:finlet:v:78:y:2025:i:c:s1544612325004349. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/frl .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.