CEOs were more likely to receive pay raises after their firms suffered a cybersecurity breach, according to a Warwick Business School study.
The U.K.-based school analyzed data breaches at 41 publicly traded companies in the U.S. between 2004 and 2016, focusing on breaches reported by the media, including stolen hardware, insider attacks, poor security and hacking.
While security breaches had a lasting impact on how firms were run, the stock market “shock” was forgotten after a few days. These firms were no more likely to fire their chief executive. Instead, CEOs were more likely to see an increase in total and incentive pay years after a security breach.
Chief executives at firms that were not targeted by hackers saw their pay decrease by more than $2 million a year over the same period.
“Firms that suffer a data breach do not typically respond by firing the management, but by investing more in the existing CEO,” Daniele Bianchi, an assistant professor at the business school, said in a news release from Warwick.
“At first, these results may look puzzling. However, they are consistent with the idea that the average response is to invest more in the management to address possible structural flaws, as well as maintaining the integrity of the firm in response to the reputational damage it has suffered,” Mr. Bianchi said.
Companies typically saw share value and liquidity drop on the day the breach was disclosed, but after two days the negative market reaction had “vanished,” according to the news release.
After a cyberattack, companies were more likely to invest less in research and development. These companies also paid lower dividends over the next five years. Instead, companies invested in managing financial risks caused by data breaches.