How repeat data breaches inform executive compensation

Continuing her research into effects of data breaches on business aspects, finance assistant professor Jin Peng, Ph.D., turned her lens onto how those breaches inform compensation for executives. “Compensation” refers to of both cash and non-cash options, such as stocks and other benefits.

Based on established documentation and literature surrounding this subject, firms use executive compensation as a route for adjusting risk-taking behaviors and often decrease compensation of CEOs after repeat breaches. This applies specifically to CEOs vs. executive positions in general, as studies have shown that CEOs take more risks when compensation is higher.

When repeat breaches do occur, CEOs often see a decrease their compensation in both cash and non-cash avenues. This serves as both a way to penalize the CEO and reduce risk-taking behaviors, but also to publicly show that measures are being taken and protect their reputation as a business. Despite this penalization, CEOs still tended to see higher compensation than their fellow executives in other roles, but with a smaller gap between their respective compensation levels.

Conversely, non-CEO executives tend to see increased compensation after repeat breaches, in part to help reinforce cybersecurity of the firm or increase sales revenue. From the sample of 1,484 executive examples that the researchers studied, they found that non-CEO positions receive higher incentive compensation with no effect on cash compensation. This increase is to incentivize the non-CEO executives to tighten up cybersecurity measures and keep a positive reputation for the business.

This study adds to current finance literature with its focus on incentive compensation, risk-taking behavior and agency issue, along with risk management.

Peng’s co-authors for this study include Haofei Zhang, Ph.D., Assistant Professor at Nankai University; Juan Mao, Ph.D., Associate Professor at the University of Texas at San Antonio; and Shouhuai Xu, Ph.D., UCCS Professor of Computer Science. Read the entirety of “Repeated data breaches and executive compensation” online.