Data Security, Data Breaches, and Compliance

Privacy and Security

Article Snapshot


Chirantan Chatterjee and Daniel Sokol


Chapter in Cambridge Handbook on Compliance, D. Daniel Sokol & Benjamin van Rooij, eds., 2021


Data breaches affect the breached firm’s stock price. Fines for data breaches are low, and firms may underinvest in security. Litigation following a breach is less likely when firms offer free credit monitoring.

Policy Relevance

Better training and more investment in security is needed to address data breaches.

Main Points

  • A data breach is an incident in which someone acquires data containing sensitive information without authorization, causing a reasonable risk of its misuse.
  • Data breaches decrease the market value of the breached firm's stock when the breach is announced, but the effect diminishes over time; few consumers stop dealing with a firm even after a data breach.
  • Information technology security developers often enjoy gains in stock market value within days of the announcement of a breach; however, breaches involving a high number of records will lower the stock price of information technology consulting firms, perhaps because of reputational harm.
  • Cyberattacks are typically aided by insiders, but their assistance is unintentional; therefore, methods of detection that work for fraud will not work well for data breaches.
    • Firms offer less cyber security training than other forms of risk management.
    • Training focusses too much on hackers and not enough on compliance after a breach.
  • Fines for data breaches in the United States and Europe are low compared to other offenses; low levels of fines may lead to under-investment in security.
  • Courts struggle to conceptualize data breach harms because of the need to show a causal link between the breach and an actual harmful economic impact directly related to the breach.
  • Lawsuits are more likely to arise from a data breach when the individual consumer suffers financial harm, and lower when the breached firm offers free credit monitoring.
  • Future studies should consider the following:
    • The long-term impact of data breaches, including the costs of repairs, litigation costs, loss of customers and reputation, and effects on stock price.
    • The effect of data breaches on government agencies and nonprofits.
    • Data security issues related to the Internet of Things.

Get The Article

Find the full article online

Search for Full Article