Better Prevention Than Cure: Cybersecurity Risk and Clawback Provision

Abstract

Research Question/Issue: The escalation of online transactions recently has driven the digitalization trend, which features both emerging opportunities and associated risks, across businesses. This study examines the impact of cybersecurity risk on the adoption of clawback policies among US listed firms during the 2008–2018 period. Research Findings/Insight: Using fixed-effect estimators, I reveal that clawback adoptions are more likely when cybersecurity risk is on the rise. This effect is transmitted via three channels of multiple business objectives, manager's quiet life, and corporate culture. Furthermore, this effect is diminished among firms with a greater proportion of nonindependent co-opted directors on board. Theoretical/Academic Implications: Although clawback policies are often linked to corporate misreporting, this study broadens the conventional research direction by addressing the decision-making of clawback policy adoption from the data security perspective. The finding of this study implies an extension of clawback endorsement beyond the corporate reporting purpose in the digitalized era. Practical/Policy Implications: This study's findings suggest that firms value the preventive property of clawback policies on corporate misconduct and that firms factor cybersecurity risk into clawback adoption decision-making. Given that clawback policies extensively tie CEOs' wealth with corporate integrity, early adoptions of this recoupment scheme can be essential to resolving the contemporary cybersecurity problems of the adopted firms.