Corporate cybersecurity risk and data breaches: A systematic review of empirical research

Cybersecurity constitutes a major concern for corporations. Given the disciplinary barriers that fragment existing research on cybersecurity, we conduct a systemic review of 203 empirical studies on the determinants and consequences of corporate cybersecurity risk across 12 disciplines. By consolidating multidisciplinary research, we develop a novel framework mapping the inter-relationships between the drivers of cybersecurity risk, impacts of cyberattacks, and potential feedback mechanisms enabling firms to learn from breaches to improve cybersecurity outcomes. We provide a taxonomy of both cybersecurity risk factors and impacts of cybersecurity breaches. Our study provides valuable insights to executives, investors, and regulators by enhancing risk awareness and enabling industry practitioners and policymakers to harness the power of academic research to strengthen corporate cybersecurity resilience. JEL Classification: G30, G32, D81, D62, J24.