ABSTRACT

As cybersecurity breaches against publicly traded firms are increasing, more attention is being paid to how firms disclose a breach. This experimental study examines how two factors influence nonprofessional investors’ investment intentions and perceptions of the breached company: (1) corporate social responsibility (CSR) designation and (2) cybersecurity jargon included in the breach disclosure. Overall, our results demonstrate that a firm’s CSR designation protects the perception of management following a cyberbreach. Mediation analysis indicates that this strong CSR designation maintains favorable management perceptions among investors, thereby fostering greater investment intentions than a company without a CSR designation. When a breached company does not have a CSR designation, we find that the level of jargon in the disclosure becomes relevant. Our study provides insights into the role of CSR in mitigating negative investor reaction to a cyberattack, as well as the use of jargon in a disclosure.

Data Availability: The data used in this manuscript are available from the authors upon request.

JEL Classifications: M41.
Kaszak et al. (Fri,) studied this question.