IDEAS home Printed from https://ideas.repec.org/a/eee/jbrese/v199y2025ics0148296325003662.html

Anchored by reliability, swayed by institutional forces: Cybersecurity risk deviance from industry norms and its contingencies on risk and volatility

Author

Listed:
  • Patel, Pankaj C.

Abstract

Drawing on institutional theory and high reliability theory we address the critical yet underexplored research question: How does a firm’s deviation from industry norms in cybersecurity risk influence its future cybersecurity risk exposure, and to what extent is this relationship moderated by non-political risk, political risk, and implied volatility? Using fixed-effects regressions, results show that (i) there is a negative relationship between cybersecurity risk deviance and future cyber risk scores; (ii) a firm’s exposure to higher political risk or lower implied volatility enhances the negative effect of deviance on future cyber risk; and (iii) however, the higher nonpolitical risk does not exhibit a significant moderating effect on the relationship between deviance and future cyber risk scores. The robustness of these findings is substantiated through various checks, including corrections for potential endogeneity.This study contributes to the current body of knowledge on cybersecurity and/or strategic management.

Suggested Citation

  • Patel, Pankaj C., 2025. "Anchored by reliability, swayed by institutional forces: Cybersecurity risk deviance from industry norms and its contingencies on risk and volatility," Journal of Business Research, Elsevier, vol. 199(C).
    • Handle: RePEc:eee:jbrese:v:199:y:2025:i:c:s0148296325003662
    DOI: 10.1016/j.jbusres.2025.115543
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0148296325003662
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.jbusres.2025.115543?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Warkentin, Merrill & Orgeron, Craig, 2020. "Using the security triad to assess blockchain technology in public sector applications," International Journal of Information Management, Elsevier, vol. 52(C).
    2. Rodolphe Durand & Robert M. Grant & Tammy L. Madsen & Eric Yanfei Zhao & Greg Fisher & Michael Lounsbury & Danny Miller, 2017. "Optimal distinctiveness: Broadening the interface between institutional theory and strategic management," Strategic Management Journal, Wiley Blackwell, vol. 38(1), pages 93-113, January.
    3. Xueyan Dong & Kam C. Chan & Yujia Cui & Jenny Xinjiao Guan, 2021. "Strategic deviance and cash holdings," Journal of Business Finance & Accounting, Wiley Blackwell, vol. 48(3-4), pages 742-782, March.
    4. Esben Rahbek Gjerdrum Pedersen & Peter Neergaard & Janni Thusgaard Pedersen & Wencke Gwozdz, 2013. "Conformance and Deviance: Company Responses to Institutional Pressures for Corporate Social Responsibility Reporting," Business Strategy and the Environment, Wiley Blackwell, vol. 22(6), pages 357-373, September.
    5. Tarek A Hassan & Stephan Hollander & Laurence van Lent & Ahmed Tahoun, 2019. "Firm-Level Political Risk: Measurement and Effects," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 134(4), pages 2135-2202.
    6. Yong Wu & Haocheng Xiao & Tao Dai & Dong Cheng, 2022. "A game-theoretical model of firm security reactions responding to a strategic hacker in a competitive industry," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 73(4), pages 716-740, March.
    7. Iván Alfaro & Nicholas Bloom & Xiaoji Lin, 2024. "The Finance Uncertainty Multiplier," Journal of Political Economy, University of Chicago Press, vol. 132(2), pages 577-615.
    8. Gabriele Rovigatti & Vincenzo Mollisi, 2018. "Theory and practice of total-factor productivity estimation: The control function approach using Stata," Stata Journal, StataCorp LLC, vol. 18(3), pages 618-662, September.
    9. Warren, Danielle E., 2019. "The Persistence of Organizational Deviance: When Informal Sanctioning Systems Undermine Formal Sanctioning Systems," Business Ethics Quarterly, Cambridge University Press, vol. 29(1), pages 55-84, January.
    10. Gao, Lei & Calderon, Thomas G. & Tang, Fengchun, 2020. "Public companies' cybersecurity risk disclosures," International Journal of Accounting Information Systems, Elsevier, vol. 38(C).
    11. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    12. AGRELL, Per & NIKNAZAR, Pooria, 2013. "Robustness, outliers and Mavericks in network regulation," LIDAM Discussion Papers CORE 2013007, Université catholique de Louvain, Center for Operations Research and Econometrics (CORE).
    13. Mathijs de Vaan & Benjamin Elbers & Thomas A. DiPrete, 2019. "Obscured Transparency? Compensation Benchmarking and the Biasing of Executive Pay," Management Science, INFORMS, vol. 65(9), pages 4299-4317, September.
    14. Li, Ling & He, Wu & Xu, Li & Ash, Ivan & Anwar, Mohd & Yuan, Xiaohong, 2019. "Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior," International Journal of Information Management, Elsevier, vol. 45(C), pages 13-24.
    15. Lattanzio, Gabriele & Ma, Yue, 2023. "Cybersecurity risk and corporate innovation," Journal of Corporate Finance, Elsevier, vol. 82(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    2. Huy Viet Hoang, 2025. "Who Pays for Cybersecurity? Corporate Dividends in Response to Cybersecurity Risk in US Firms," Journal of the Knowledge Economy, Springer;Portland International Center for Management of Engineering and Technology (PICMET), vol. 16(6), pages 18085-18123, December.
    3. Jing Chen & Elaine Henry & Xi Jiang, 2023. "Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach," Journal of Business Ethics, Springer, vol. 187(1), pages 199-224, September.
    4. Hassan, M. Kabir & Karim, Md. Sydul & Kozlowski, Steven E., 2022. "Implications of public corruption for local firms: Evidence from corporate debt maturity," Journal of Financial Stability, Elsevier, vol. 58(C).
    5. Lin, Weizheng & Wang, Chih-Wei & Li, Ying-Jie & Chen, Jian-Yun, 2025. "From green to digital: Exploring the role of ecological footprints on cybersecurity risk," Energy Economics, Elsevier, vol. 146(C).
    6. Song, Jeongseop & Zhang, Fan, 2024. "Regional market uncertainty and corporate investment," The North American Journal of Economics and Finance, Elsevier, vol. 69(PB).
    7. Tan, Weijie & Guo, Binhua & Zhang, Qiantao, 2025. "Cybersecurity governance and corporate market value: Perspectives from investor trust and supply chain trust," Pacific-Basin Finance Journal, Elsevier, vol. 90(C).
    8. Gao, Lujia & Chen, Zhaoying & Zhao, Wei & Lai, Xuanyu, 2025. "Does cybersecurity regulation reduce corporate data-breach risk?," Finance Research Letters, Elsevier, vol. 78(C).
    9. Chris Florackis & Christodoulos Louca & Roni Michaely & Michael Weber, 2023. "Cybersecurity Risk," The Review of Financial Studies, Society for Financial Studies, vol. 36(1), pages 351-407.
    10. Fiori, Giuseppe & Scoccianti, Filippo, 2023. "The economic effects of firm-level uncertainty: Evidence using subjective expectations," Journal of Monetary Economics, Elsevier, vol. 140(C), pages 92-105.
    11. Chelsea Liu & Muhammad Ali Babar, 2026. "Corporate cybersecurity risk and data breaches: A systematic review of empirical research," Australian Journal of Management, Australian School of Business, vol. 51(1), pages 62-92, February.
    12. Ioannis Dokas & Georgios Oikonomou & Minas Panagiotidis & Eleftherios Spyromitros, 2023. "Macroeconomic and Uncertainty Shocks’ Effects on Energy Prices: A Comprehensive Literature Review," Energies, MDPI, vol. 16(3), pages 1-35, February.
    13. Yuan, Jun & Yang, Liuyong & Xu, Qi, 2025. "The real side of black swans: Tail risk and corporate investment," Journal of Banking & Finance, Elsevier, vol. 176(C).
    14. Xu, Yao & Zhao, Feng & Zhang, Qi, 2025. "How does the cybersecurity law affect corporate investment," International Review of Financial Analysis, Elsevier, vol. 103(C).
    15. Lee, Chien-Chiang & Wang, Chih-Wei & Lin, Weizheng & Chen, En-Jia, 2025. "Cyber risk and corporate share repurchases," International Review of Financial Analysis, Elsevier, vol. 103(C).
    16. Abukari, Kobana & Dutta, Shantanu & Li, Chen & Tang, Songlian & Zhu, Pengcheng, 2024. "Corporate communication and likelihood of data breaches," International Review of Economics & Finance, Elsevier, vol. 94(C).
    17. Ojha, Divesh & Patel, Pankaj C. & Chirico, Francesco & Dhir, Amandeep, 2025. "Managing uncertainty under sudden operational closures: The role of implied volatility, positive sentiment, and productivity," Technological Forecasting and Social Change, Elsevier, vol. 219(C).
    18. Kim, Hyeong Joon, 2025. "Lesson from stock price crash: Changes in managerial confidence and incentives," The British Accounting Review, Elsevier, vol. 57(3).
    19. Dinh, Thao & Chou, Hsin-I & Zhao, Jing, 2025. "Cybersecurity risk and firm investment efficiency," Finance Research Letters, Elsevier, vol. 85(PE).
    20. Wang, Jimin & Ho, Choy Yeing (Chloe) & Shan, Yuan George, 2024. "Does cybersecurity risk stifle corporate innovation activities?," International Review of Financial Analysis, Elsevier, vol. 91(C).

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:jbrese:v:199:y:2025:i:c:s0148296325003662. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/jbusres .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.