IDEAS home Printed from https://ideas.repec.org/a/eee/finlet/v78y2025ics1544612325004349.html
   My bibliography  Save this article

Does cybersecurity regulation reduce corporate data-breach risk?

Author

Listed:
  • Gao, Lujia
  • Chen, Zhaoying
  • Zhao, Wei
  • Lai, Xuanyu

Abstract

This study examines the impact of cybersecurity regulation on corporate data-breach risk, leveraging China's Cybersecurity Law implementation as a quasi-natural experiment. Using data from 3,761 Chinese firms from 2007 to 2022, this study reveals that cybersecurity regulation effectively mitigates data-breach risk by enhancing firms’ cybersecurity cultures and systems. Subsequent heterogeneity analysis reveals that the effect is more pronounced for non-state-owned enterprises and high-tech industries. This study contributes to the literature on cybersecurity and data breaches, providing policymakers with insights to optimize cybersecurity regulations.

Suggested Citation

  • Gao, Lujia & Chen, Zhaoying & Zhao, Wei & Lai, Xuanyu, 2025. "Does cybersecurity regulation reduce corporate data-breach risk?," Finance Research Letters, Elsevier, vol. 78(C).
    • Handle: RePEc:eee:finlet:v:78:y:2025:i:c:s1544612325004349
    DOI: 10.1016/j.frl.2025.107171
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1544612325004349
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.frl.2025.107171?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Wang, Jimin & Ho, Choy Yeing (Chloe) & Shan, Yuan George, 2024. "Does cybersecurity risk stifle corporate innovation activities?," International Review of Financial Analysis, Elsevier, vol. 91(C).
    2. Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
    3. Lattanzio, Gabriele & Ma, Yue, 2023. "Cybersecurity risk and corporate innovation," Journal of Corporate Finance, Elsevier, vol. 82(C).
    4. Li, Ling & He, Wu & Xu, Li & Ash, Ivan & Anwar, Mohd & Yuan, Xiaohong, 2019. "Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior," International Journal of Information Management, Elsevier, vol. 45(C), pages 13-24.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Lin, Weizheng & Wang, Chih-Wei & Li, Ying-Jie & Chen, Jian-Yun, 2025. "From green to digital: Exploring the role of ecological footprints on cybersecurity risk," Energy Economics, Elsevier, vol. 146(C).
    2. Tan, Weijie & Guo, Binhua & Zhang, Qiantao, 2025. "Cybersecurity governance and corporate market value: Perspectives from investor trust and supply chain trust," Pacific-Basin Finance Journal, Elsevier, vol. 90(C).
    3. Jin, Xianglan & Cui, Huizhu & Liu, Fengwei & Hu, Ziqiang & Cai, Yonghao, 2025. "Does cybersecurity regulation promote digital transformation? Evidence from the Cyber Security Law in China," Finance Research Letters, Elsevier, vol. 76(C).
    4. Ou, Carol & Zhang, Xiaowei & Angelopoulos, Spyros & Davison, Robert & Janse, Noury, 2022. "Security breaches and organization response strategy : Exploring consumers’ threat and coping appraisals," Other publications TiSEM 9ac0c2eb-87e8-4c1d-a0b0-c, Tilburg University, School of Economics and Management.
    5. Godsway Korku Tetteh & Chuks Otioma, 2025. "Cyberattack, cyber risk mitigation capabilities, and firm productivity in Kenya," Small Business Economics, Springer, vol. 64(3), pages 1493-1514, March.
    6. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    7. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    8. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    9. Chang, Tsung-Sheng & Hsieh, Yao-Chian, 2024. "Applying the analytic hierarchy process for investigating key indicators of responsible innovation in the Taiwan software service industry," Technology in Society, Elsevier, vol. 78(C).
    10. Han, Kookyoung & Choi, Jin Hyuk, 2023. "Implications of false alarms in dynamic games on cyber-security," Chaos, Solitons & Fractals, Elsevier, vol. 169(C).
    11. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    12. Naume Sonhera & David Mhlanga, 2022. "Reducing Cyber Incidents through Good Online Behavioral Norms: Lessons from South Africa," Eurasian Journal of Social Sciences, Eurasian Publications, vol. 10(1), pages 37-48.
    13. Canitgia Tambariki, 2024. "Drivers of banking consumers' cybersecurity behavior: Applying the extended protection motivation theory ," GATR Journals jmmr327, Global Academy of Training and Research (GATR) Enterprise.
    14. Singh, Kuldeep & Chatterjee, Sheshadri & Mariani, Marcello & Wamba, Samuel Fosso, 2025. "Cybersecurity resilience and innovation ecosystems for sustainable business excellence: Examining the dramatic changes in the macroeconomic business environment," Technovation, Elsevier, vol. 143(C).
    15. Nong, Huihui & Lin, Yinghao & Zhang, Quankun, 2025. "Cybersecurity policy and corporate R&D investment," Finance Research Letters, Elsevier, vol. 75(C).
    16. Kaw, Javaid A. & Loan, Nazir A. & Parah, Shabir A. & Muhammad, K. & Sheikh, Javaid A. & Bhat, G.M., 2019. "A reversible and secure patient information hiding system for IoT driven e-health," International Journal of Information Management, Elsevier, vol. 45(C), pages 262-275.
    17. Byung-Jik Kim & Julak Lee, 2025. "The impact of corporate social responsibility on cybersecurity behavior: The crucial role of organizationally-prescribed perfectionism," Palgrave Communications, Palgrave Macmillan, vol. 12(1), pages 1-18, December.
    18. Büyüközkan, Gülçin & Güler, Merve, 2025. "Cybersecurity maturity model: Systematic literature review and a proposed model," Technological Forecasting and Social Change, Elsevier, vol. 213(C).
    19. Kamran Razzaq & Mahmood Shah & Mohammad Fattahi & Jing Tang, 2025. "Empowering machine learning for robust cyber-attack prevention in online retail: an integrative analysis," Palgrave Communications, Palgrave Macmillan, vol. 12(1), pages 1-15, December.
    20. Gong, Yiwei & Janssen, Marijn, 2019. "The value of and myths about enterprise architecture," International Journal of Information Management, Elsevier, vol. 46(C), pages 1-9.

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:finlet:v:78:y:2025:i:c:s1544612325004349. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/frl .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.