A new study by researchers, including at The University of Western Australia, has revealed how US data breach notification (DBN) laws are influencing the cost of private debt for companies.
The research, published in The British Accounting Review, investigated the effects of DBN laws, which mandate the disclosure of data breaches to protect consumers.
It shows the laws lead to an increase in the cost of borrowing for firms, as lenders adjust their risk assessments to account for potential future costs from breach disclosures, such as litigation expenses.
Lead author Nishant Agarwal, a lecturer at UWA’s Business School, said the research showed lenders were taking into consideration heightened risks associated with potential data breaches when determining borrowing costs for firms.
“This results in higher costs of private debt for companies affected by the laws,” Mr Agarwal said.
“However, our research also revealed good news in that firms investing in robust cybersecurity measures can mitigate the increased costs.
“Companies with strong cybersecurity infrastructure and technology leadership in their top management are viewed more favourably by lenders, leading to more favourable borrowing terms.”
Image: Lecturer at the UWA Business School and study lead author Nishant Agarwal.
Mr Agarwal said by investing in cybersecurity, firms could signal a proactive approach to managing cyber risks, which reassured lenders and resulted in lower borrowing costs.
“Our work highlights the intersection of cybersecurity, regulation and finance, and underscores the importance of forward-thinking risk management strategies,” he said.
The research used the staggered passage of DBN laws across different states in the US to assess their impact on private debt costs.
It found the increase in borrowing costs was particularly pronounced for firms in industries susceptible to data breaches, those reporting internal control weaknesses, or those disclosing cybersecurity risks in their risk factor disclosures.
Conversely, the increase in the cost of private debt was less significant for firms that focused on cybersecurity measures, such as investing in cybersecurity or appointing a technology officer to the board.
“Our study emphasises the critical link between financial resilience and cybersecurity preparedness, suggesting firms should adopt comprehensive risk management strategies to navigate the evolving regulatory environment effectively,” Mr Agarwal said.
Assistant Professor at University of Texas Chandrani Chatterjee and doctoral candidate at the Indian School of Business Swetha Agarwal were co-authors on the paper.