IDEAS home Printed from https://ideas.repec.org/a/eee/finlet/v78y2025ics1544612325004349.html
   My bibliography  Save this article

Does cybersecurity regulation reduce corporate data-breach risk?

Author

Listed:
  • Gao, Lujia
  • Chen, Zhaoying
  • Zhao, Wei
  • Lai, Xuanyu

Abstract

This study examines the impact of cybersecurity regulation on corporate data-breach risk, leveraging China's Cybersecurity Law implementation as a quasi-natural experiment. Using data from 3,761 Chinese firms from 2007 to 2022, this study reveals that cybersecurity regulation effectively mitigates data-breach risk by enhancing firms’ cybersecurity cultures and systems. Subsequent heterogeneity analysis reveals that the effect is more pronounced for non-state-owned enterprises and high-tech industries. This study contributes to the literature on cybersecurity and data breaches, providing policymakers with insights to optimize cybersecurity regulations.

Suggested Citation

  • Gao, Lujia & Chen, Zhaoying & Zhao, Wei & Lai, Xuanyu, 2025. "Does cybersecurity regulation reduce corporate data-breach risk?," Finance Research Letters, Elsevier, vol. 78(C).
    • Handle: RePEc:eee:finlet:v:78:y:2025:i:c:s1544612325004349
    DOI: 10.1016/j.frl.2025.107171
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1544612325004349
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.frl.2025.107171?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Wang, Jimin & Ho, Choy Yeing (Chloe) & Shan, Yuan George, 2024. "Does cybersecurity risk stifle corporate innovation activities?," International Review of Financial Analysis, Elsevier, vol. 91(C).
    2. Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
    3. Li, Ling & He, Wu & Xu, Li & Ash, Ivan & Anwar, Mohd & Yuan, Xiaohong, 2019. "Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior," International Journal of Information Management, Elsevier, vol. 45(C), pages 13-24.
    4. Lattanzio, Gabriele & Ma, Yue, 2023. "Cybersecurity risk and corporate innovation," Journal of Corporate Finance, Elsevier, vol. 82(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Tan, Weijie & Guo, Binhua & Zhang, Qiantao, 2025. "Cybersecurity governance and corporate market value: Perspectives from investor trust and supply chain trust," Pacific-Basin Finance Journal, Elsevier, vol. 90(C).
    2. Jin, Xianglan & Cui, Huizhu & Liu, Fengwei & Hu, Ziqiang & Cai, Yonghao, 2025. "Does cybersecurity regulation promote digital transformation? Evidence from the Cyber Security Law in China," Finance Research Letters, Elsevier, vol. 76(C).
    3. Ou, Carol & Zhang, Xiaowei & Angelopoulos, Spyros & Davison, Robert & Janse, Noury, 2022. "Security breaches and organization response strategy : Exploring consumers’ threat and coping appraisals," Other publications TiSEM 9ac0c2eb-87e8-4c1d-a0b0-c, Tilburg University, School of Economics and Management.
    4. Godsway Korku Tetteh & Chuks Otioma, 2025. "Cyberattack, cyber risk mitigation capabilities, and firm productivity in Kenya," Small Business Economics, Springer, vol. 64(3), pages 1493-1514, March.
    5. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    6. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    7. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    8. Mauro Caselli & Edwin Fourrier-Nicolai & Andrea Fracasso & Sergio Scicchitano, 2024. "Digital Technologies and Firms’ Employment and Training," CESifo Working Paper Series 11056, CESifo.
    9. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    10. Chang, Tsung-Sheng & Hsieh, Yao-Chian, 2024. "Applying the analytic hierarchy process for investigating key indicators of responsible innovation in the Taiwan software service industry," Technology in Society, Elsevier, vol. 78(C).
    11. Haqaf, Husam & Koyuncu, Murat, 2018. "Understanding key skills for information security managers," International Journal of Information Management, Elsevier, vol. 43(C), pages 165-172.
    12. Mahalasmi Radhakrishnan & Mohammad Nurul Hassan Reza & Abdullah Al Mamun & Muhammad Mehedi Masud & Zafir Khan Mohamed Makhbul, 2025. "Behavioral insights into insurance purchase among flash flood survivors in Malaysia," Palgrave Communications, Palgrave Macmillan, vol. 12(1), pages 1-14, December.
    13. Han, Kookyoung & Choi, Jin Hyuk, 2023. "Implications of false alarms in dynamic games on cyber-security," Chaos, Solitons & Fractals, Elsevier, vol. 169(C).
    14. Liang, Qing & Li, Zhaohua, 2024. "Litigation risk and the cost of debt financing in M&As," International Review of Financial Analysis, Elsevier, vol. 96(PA).
    15. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    16. Liang, Hui & Sit, Jason & Chang, Jian & Zhang, Jian Jun, 2016. "Computer animation data management: Review of evolution phases and emerging issues," International Journal of Information Management, Elsevier, vol. 36(6), pages 1089-1100.
    17. Tang, Haodan & Liang, Jiaxuan & Fang, Senhui, 2024. "The innovation effect of digital M&As: Evidence from China," International Review of Financial Analysis, Elsevier, vol. 96(PA).
    18. Naume Sonhera & David Mhlanga, 2022. "Reducing Cyber Incidents through Good Online Behavioral Norms: Lessons from South Africa," Eurasian Journal of Social Sciences, Eurasian Publications, vol. 10(1), pages 37-48.
    19. Bulbul Ahamed & Mohammad Rashed Hasan Polas & Ahmed Imran Kabir & Abu Saleh Md. Sohel-Uz-Zaman & Abdullah Al Fahad & Saima Chowdhury & Mrittika Rani Dey, 2024. "Empowering Students for Cybersecurity Awareness Management in the Emerging Digital Era: The Role of Cybersecurity Attitude in the 4.0 Industrial Revolution Era," SAGE Open, , vol. 14(1), pages 21582440241, February.
    20. Abukari, Kobana & Dutta, Shantanu & Li, Chen & Tang, Songlian & Zhu, Pengcheng, 2024. "Corporate communication and likelihood of data breaches," International Review of Economics & Finance, Elsevier, vol. 94(C).

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:finlet:v:78:y:2025:i:c:s1544612325004349. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/frl .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.