Peer governance effects of information security breaches

Peers' information security risks may have sent negative signals to the market, thus forcing firms to strengthen their internal control governance. Solow's paradox, however, suggests that when information technology (IT) investment does not reach equilibrium, firms may still blindly increase IT investment while neglecting information security management. Using the unique information security breaches data released by the China National Information Security Vulnerability Database (CNVD), we find that the peers' information security breaches have a governance effect on firm internal control. The underlying mechanism is that peer information security breach increases the cost of proprietary information and reputation maintenance. In addition, we find that the above peer governance effects are more significant in samples with higher agency conflicts, high-tech industries, and higher supply. Further, our further analysis also shows that the peer governance effects of information security breaches positively affect firms' investment efficiency. Overall, our findings verify the peer governance effects of the information security breaches.