
-
Journal menu
- General information
- Editorial Board and External Reviewers
- Journal Policies
- Publication Ethics and Malpractice Statement
- Instructions for authors
- Paper reviewing
- Article processing charge
- Feedback from stakeholders
- Journal’s Open Access statement
- Order hard copies of the journal
- 50 most cited papers in the journal
- Statement on the Use of Generative AI
Corporate ownership price and institutional investors’ leverage of cybersecurity incidents
Download This Article
This work is licensed under a Creative Commons Attribution 4.0 International License.
Abstract
Using a data breach incident at a Big Four audit firm, we examine whether companies pay a price for not securing their clients’ data. Leveraging a sample of 1,737 firm-year observations of UK-listed firms audited by Big Four auditors during 2015–2019, we apply difference-in-difference (DiD) models to test whether clients of the breached company, as the audit service provider paid lower audit fees post-breach, particularly in the presence of large institutional shareholders. Our findings document that following a data breach, compared to other comparable non-breached companies, the breached company loses its premium for services, particularly for clients with large institutional shareholders. Given companies’ dual societal and profit-generating functions, our results suggest that data breaches not only compromise a company’s reputation in the capital markets but also erode the trust of their clients, especially in the presence of institutional investors. These findings underscore the economic consequences of data breaches and highlight the critical role of effective control execution in cybersecurity and stakeholder management, thereby preserving market confidence. Our study contributes to the literature by providing novel evidence on reputational spillovers in a non-US setting, highlighting how institutional ownership and service-based trust shape client responses to cybersecurity failures in credence-good industries.
Keywords: Corporate Ownership, Company Reputation, Institutional Investors, Cyber-Attacks, Data Breach, Cybersecurity Controls
Authors’ individual contribution: Conceptualization — Y.Z.-K. and L.G.S.; Methodology — Y.Z.-K. and L.G.S.; Investigation — Y.Z.-K. and L.G.S.; Writing — Original Draft — Y.Z.-K. and L.G.S.; Writing — Review & Editing — Y.Z.-K. and L.G.S.
Declaration of conflicting interests: The Authors declare that there is no conflict of interest.
JEL Classification: D8, M42, O32
Received: 20.06.2025
Revised: 03.09.2025; 22.09.2025
Accepted: 08.10.2025
Published online: 10.10.2025
How to cite this paper: Zengin-Karaibrahimoglu, Y., & Georg Schaffner, L. (2025). Corporate ownership price and institutional investors’ leverage of cybersecurity incidents. Corporate Ownership & Control, 22(3), 138–152. https://doi.org/10.22495/cocv22i3art11