HCBE Faculty Articles

Cybersecurity breach at a Big 4 accounting firm: Effects on auditor reputation

ORCID

Barri Litt0000-0003-2288-8728

Document Type

Article

Publication Title

Journal of Information Systems

ISSN

0888-7985

Publication Date

6-1-2023

Abstract/Excerpt

Public company investors rely on the Big 4 audit firms to provide assurance over internal controls and financial reporting. What, then, would happen if one of these very assurance providers suffered its own cybersecurity breach? We examine such an event in the major data breach of Deloitte in 2017. Using U.S. data from 2014 to 2019, we find Deloitte suffered significant reputational damage postbreach. Specifically, audit clients and existing shareholders became less likely to approve of Deloitte as the company’s auditor. Deloitte also charged lower audit fees after the incident. Furthermore, Deloitte’s audit clients suffered significant negative market reactions postbreach. Our results suggest pervasive implications of cyberattacks on auditor reputation and support recent congressional efforts to expand regulation in this area.

DOI

https://doi.org/10.2308/ISYS-2022-006

Volume

37

Issue

2

First Page

77

Last Page

100

Peer Reviewed

Find in your library

Share

COinS