Data breaches result in CEO pay rises, study shows

Bosses are more likely to receive a pay rise after their firm suffers a cybersecurity breach, according to a study by the UK’s Warwick Business School.

Researchers at Warwick Business School found that media reports of a cyber-attack led to a stock market “shock” as investors sold their shares, but this only lasted a few days.

Security breaches did have a lasting impact on the way firms were run, as they typically paid lower dividends and invested less in research and development up to five years after the attack.

Yet they were no more likely to fire their chief executive. On the contrary, bosses were more likely to receive an increase in total and incentive pay several years after a security breach.

Average CEO pay at firms that were not targeted by hackers fell by more than $2 million per year over the same five year period.

Daniele Bianchi, assistant professor of finance at Warwick Business School, said: “Firms that suffer a data breach do not typically respond by firing the management, but by investing more in the existing CEO. At first sight, these results may look puzzling.

“However, they are consistent with the idea that the average response is to invest more in the management to address possible structural flaws, as well as maintaining the integrity of the firm in response to the reputational damage it has suffered.

“In the long run security breaches appear to have a more significant impact on firms’ strategies and policies than their cash flow.”