Human Capital Acquisition in Response to Data Breaches

Given the rise in the frequency and cost of data security threats, it is critical to understand whether and how companies strategically adapt their operational workforce in response to data breaches. We study hiring in the aftermath of data breaches by combining information on data breach events with detailed firm-level job posting data. Using a staggered difference-in-differences approach, we show that breached firms significantly increase their demand for cybersecurity workers. Furthermore, firms’ responses to data breaches extend to promptly recruiting public relations personnel—an act aimed at managing trust and alleviating negative publicity—often ahead of cybersecurity hires. Following a breach, the likelihood of firms posting a cybersecurity job rises by approximately two percentage points, which translates to an average willingness to spend an additional $61,961 in annual wages on cybersecurity, public relations, and legal workers. While these hiring adjustments are small for affected firms, they represent a large potential impact of over $300 million on the overall economy. Our findings underscore the vital role of human capital investments in shaping firms’ cyber defenses and provide a valuable roadmap for managers and firms navigating cyberthreats in an increasingly digital age.