Report Finds CEO Pay Rises After Data Breach

A new research report from Warwick Business School at the University of Warwick has found evidence that corporate cyberattacks lead to higher profits for chief executive (CEOs) officers at those firms.

Reports in Business News Daily on Friday (March 15), co-authored by Assistant Professors of Finance Dr. Daniele Bianchi and Dr. Onur Tosun, found that data breaches at large organizations may cause financial losses at those companies, but they eventually lead to greater investments in their CEOs. The report examined instances of data breaches at 41 public U.S. firms between 2004 and 2016, focusing on high-profile cyberattacks that caused a drop in share value.

Despite the market value of those firms declining, the researchers found that CEO pay increased during those years. That compares with CEOs at public firms that were not hit by high-profile data breaches, whose salaries decreased by an average of $2 million per year, reports said.

“At first sight, these results may look puzzling,” said Bianchi in a statement. “However, they are consistent with the idea that the average response is to invest more in the management to address possible structural flaws, as well as maintaining the integrity of the firm in response to the reputational damage it has suffered.”

Other findings of the report included that the immediate drop in share value for organizations lasted just two days after news of a data breach was made public. The biggest negative effects of data breaches also occurred in the areas of shareholder dividend payments, and research and development (R&D) investment.

“Incidents of security breaches that reveal sensitive and confidential information can lead to litigation and government sanctions, but also to a loss of competitive edge against competitors through a reduction of resources dedicated to R&D, dividend payments or investments more generally,” explained Tosun. “Companies are often reluctant to reveal information about security breaches due to fear of both short-term and long-term market reactions. Cybersecurity will, therefore, become an increasingly important consideration for companies to avoid the damaging fallout once a breach is made public.”