Cyberattacks, cash conversion cycle, and corporate performance

This study examines the effect of working capital efficiency on the performance of firms that experience cyberattacks. We find robust evidence that an aggressive working capital policy improves the immediate and after-market stock returns as well as the operating performance of firms that suffer an outside party or a malware hacker attack. Specifically, we document a negative relationship between announcement period abnormal returns and the industry-adjusted cash conversion cycle, implying that investors react less favorably when breached firms have more conservative working capital policies. We also find a negative association between the cash cycle and long-horizon buy-and-hold abnormal returns indicating that working capital efficacy has a protracted positive effect on stock performance after an attack. The cash conversion cycle is also negatively related to operating performance, as measured by industry-adjusted market power, industry-adjusted return on assets, and industry-adjusted market-to-book ratio. In addition, we find that access to trade credit and the ability to delay payments made to suppliers (depicted via days' payables outstanding) are the most important factors in helping breached firms mitigate the financial and operating costs of cyberattacks. Overall, our results are robust to endogeneity concerns and expand the literature on the firm-level aspects of data breaches.