Skip to content Skip to navigation
University of Warwick
  • Study
  • |
  • Research
  • |
  • Business
  • |
  • Alumni
  • |
  • News
  • |
  • About

University of Warwick
Publications service & WRAP

Highlight your research

  • WRAP
    • Home
    • Search WRAP
    • Browse by Warwick Author
    • Browse WRAP by Year
    • Browse WRAP by Subject
    • Browse WRAP by Department
    • Browse WRAP by Funder
    • Browse Theses by Department
  • Publications Service
    • Home
    • Search Publications Service
    • Browse by Warwick Author
    • Browse Publications service by Year
    • Browse Publications service by Subject
    • Browse Publications service by Department
    • Browse Publications service by Funder
  • Help & Advice
University of Warwick

The Library

  • Login
  • Admin

Across the pond : how U.S. firms' boards of directors adapted to the passage of the GDPR

Tools
- Tools
+ Tools

Klein, April, Manini, Raffaele and Shi, Yanting (Crystal) (2022) Across the pond : how U.S. firms' boards of directors adapted to the passage of the GDPR. Contemporary Accounting Research, 39 (1). pp. 199-233. doi:10.1111/1911-3846.12735

[img] PDF
WRAP-across-the-pond-how-U.S.-firms-boards-directors-adapted-passage-GDPR-2021.pdf - Accepted Version
Embargoed item. Restricted access to Repository staff only until 20 September 2022. Contact author directly, specifying your specific needs. - Requires a PDF viewer.

Download (2130Kb)
Official URL: https://doi.org/10.1111/1911-3846.12735

Request Changes to record.

Abstract

One of the prime responsibilities of the board of directors is to understand and oversee its firm’s risk profile. We exploit a recent European Union (EU) regulation, the General Data Protection Regulation (GDPR), as a quasi-exogenous shock to the cyber risk landscape to assess whether boards of U.S. firms changed their focus and governance structures to deal with this new challenge. The GDPR encompasses a wide-sweeping set of regulations aimed at protecting EU citizens from unwanted uses of their personal internet data. Although an EU regulation, the GDPR applies to all U.S. public firms with at least one EU user. Adopting a difference-in-differences methodology, we use firms that already fell under a U.S. data privacy regulation as a control group, and find that boards of treated U.S. firms, on average, increase their focus on cyber risk, add more directors with cyber/IT expertise, and more frequently assign cyber risk oversight to the board or to a board committee. In cross-sectional tests, we show that these changes are positively associated with a firm’s ex ante cyber risk, but are unrelated to whether a firm had a large EU presence, suggesting a more global reaction to the GDPR. In addition, we examine some of the consequences of these board changes. We find boards that promptly responded by changing their board focus, expertise, and monitoring assignment of cyber risk around the passage of GDPR had fewer future cyber-attacks/data breaches and less related media attention. Our findings suggest that, on average, American corporate boards promptly responded to changes in the cyber risk environment in ways that reduced their firms’ overall future cyber risk. Our results have implications on the efficacy and flexibility of US corporate boards to respond to unexpected changes in risk.

Item Type: Journal Article
Subjects: H Social Sciences > HD Industries. Land use. Labor
H Social Sciences > HV Social pathology. Social and public welfare
K Law [Moys] > KW European Union Law
Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software
Divisions: Faculty of Social Sciences > Warwick Business School > Finance Group
Faculty of Social Sciences > Warwick Business School
Library of Congress Subject Headings (LCSH): Corporate governance , Directors of corporations -- United States, Computer crimes -- Prevention, Computer security, Data protection -- Law and legislation -- European Union countries, Cyberspace -- Security measures, European Parliament. General Data Protection Regulation., Privacy, Right of -- European Union
Journal or Publication Title: Contemporary Accounting Research
Publisher: John Wiley & Sons, Inc.
ISSN: 0823-9150
Official Date: March 2022
Dates:
DateEvent
March 2022Published
20 September 2021Available
10 September 2021Accepted
Volume: 39
Number: 1
Page Range: pp. 199-233
DOI: 10.1111/1911-3846.12735
Institution: University of Warwick
Status: Peer Reviewed
Publication Status: Published
Reuse Statement (publisher, data, author rights): This is the peer reviewed version of the following article:Klein, A., Manini, R. and Shi, Y. (2021), Across the Pond: How US Firms’ Boards of Directors Adapted to the Passage of the GDPR†. Contemp Account Res., which has been published in final form at https://doi.org/10.1111/1911-3846.12735. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Use of Self-Archived Versions.
Access rights to Published version: Restricted or Subscription Access
Open Access Version:
  • SSRN

Request changes or add full text files to a record

Repository staff actions (login required)

View Item View Item
twitter

Email us: wrap@warwick.ac.uk
Contact Details
About Us