The Interplay between Corporate Social Responsibility Designations and Disclosure Jargon on the Investor Response to Cybersecurity Events

ABSTRACT As cybersecurity breaches against publicly traded firms are increasing, more attention is being paid to how firms disclose a breach. This experimental study examines how two factors influence nonprofessional investors’ investment intentions and perceptions of the breached company: (1) corporate social responsibility (CSR) designation and (2) cybersecurity jargon included in the breach disclosure. Overall, our results demonstrate that a firm’s CSR designation protects the perception of management following a cyberbreach. Mediation analysis indicates that this strong CSR designation maintains favorable management perceptions among investors, thereby fostering greater investment intentions than a company without a CSR designation. When a breached company does not have a CSR designation, we find that the level of jargon in the disclosure becomes relevant. Our study provides insights into the role of CSR in mitigating negative investor reaction to a cyberattack, as well as the use of jargon in a disclosure. Data Availability: The data used in this manuscript are available from the authors upon request. JEL Classifications: M41.