ACADEMIC ARTICLE SUMMARY
Cybersecurity Hiring in Response to Data Breaches
Article Source: SSRN (March, 2021)
Publication Date:
Time to Read: 2 minute readSearch for the full article on Bing
ARTICLE SUMMARY
Summary:
Data on firm-level hiring shows that firms increase hiring of cybersecurity workers following data breaches, particularly when the press covers the breach.
POLICY RELEVANCE
Policy Relevance:
Publicity improves incentives for firms to invest in safeguarding customer data.
KEY TAKEAWAYS
Key Takeaways:
- Data on online job postings and data breach events shows that firms that suffer a data breach are more likely to post cybersecurity-related job postings; however, the effect is smaller than optimal to safeguard data.
- Firms’ incentives to invest in data security are insufficient due to misaligned incentives and market failure.
- Customers and investors cannot monitor firms' cybersecurity investments.
- The negative effect of data breaches on firms tends to be small.
- Few customers stop dealing with firms when they have a data breach.
- Some researchers report that regulations requiring firms to report data breaches increase firms’ investments in security and reduce identity theft, but the laws are inadequately enforced.
- Data from Google Trends and the MIT Media Cloud Project shows that a data breach with high media visibility is three times more likely to spur a firm to post a cybersecurity job listing than a low-visibility data breach.
- Data breaches spur hiring of cybersecurity workers in service sectors such as finance, insurance, and retail trade, but not in construction and manufacturing; in the service sector, breached data consists of sensitive consumer data such as credit card information, and breaches draw attention from the press.
- Public firms, which face more regulation and public scrutiny than private firms, are more likely to respond to a data breach by hiring cybersecurity personnel than are private firms.