We investigate the effects of an ISO 27001 certificate and CSR performance on investors’ responses to cybersecurity breaches. Based on the results of an online experiment with 202 MTurk participants, we find that an ISO 27001 certificate issued by an independent certification body serves as damage control and attenuates investors’ negative reactions to data breaches. However, a connection between the certification body that issues the ISO 27001 certificate and the financial audit firm of the audited company may impair the certificate’s effectiveness as damage control for cybersecurity breaches. Similarly, positive CSR performance provides insurance-like protection and spillover that reduce investors’ negative responses when cybersecurity breaches occur. In addition, the ISO 27001 certificate and CSR performance are substitutive mechanisms. Specifically, the existence of either an ISO 27001 certificate or positive CSR performance alone is effective enough in attenuating investors’ negative perceptions. Adding another control does not necessarily lead to additional benefits.