| dc.contributor.advisor | So, Eric | |
| dc.contributor.advisor | Verdi, Rodrigo | |
| dc.contributor.author | Kim, David Sunghyo | |
| dc.date.accessioned | 2025-10-21T13:18:04Z | |
| dc.date.available | 2025-10-21T13:18:04Z | |
| dc.date.issued | 2025-05 | |
| dc.date.submitted | 2025-06-23T18:08:07.464Z | |
| dc.identifier.uri | https://hdl.handle.net/1721.1/163295 | |
| dc.description.abstract | I study whether disclosure mandates alter the equilibrium of cyberattacks by unintentionally informing cybercriminals. The California Consumer Privacy Act (CCPA) requires companies to disclose their personal information collection practices to consumers, inadvertently informing cybercriminals about the potential benefits of breaching each firm. Using a difference-in-differences design, I find that firms disclosing the collection of valuable personal data face an increased probability of data breaches. These firms also strengthen their cyberdefenses both in terms of cybersecurity software and cybersecurity specialists. Firms trade off cybersecurity costs against the risk of data breaches, with the increase in breach probabilities more pronounced among firms that invest less in cybersecurity. Finally, I find that firms adjust their data collection policies as additional defense strategies. Overall, this study highlights the trade-off between transparency and cybersecurity risks in today’s digital economy. | |
| dc.publisher | Massachusetts Institute of Technology | |
| dc.rights | In Copyright - Educational Use Permitted | |
| dc.rights | Copyright retained by author(s) | |
| dc.rights.uri | https://rightsstatements.org/page/InC-EDU/1.0/ | |
| dc.title | Corporate Transparency and Cybersecurity Risks | |
| dc.type | Thesis | |
| dc.description.degree | Ph.D. | |
| dc.contributor.department | Sloan School of Management | |
| mit.thesis.degree | Doctoral | |
| thesis.degree.name | Doctor of Philosophy | |
