The impact of cyber threats on environmental, social, and governance performance.

Abstract

This study investigates the relationship between cybersecurity risk and corporate Environmental, Social, and Governance (ESG) performance, with a particular focus on the moderating role of CEO duality in shaping strategic responses to digital threats. Drawing on a large sample of 14,036 firm-year observations from U.S.-listed firms between 2005 and 2018, we find that heightened exposure to cybersecurity risk is significantly associated with improved ESG performance, particularly in the environmental dimension. Our results further indicate that this positive association is amplified in firms where the CEO also serves as the board chair, suggesting that centralized leadership structures enhance strategic agility and resource allocation in response to emerging risks. We address potential endogeneity concerns using robust econometric techniques, including two-stage least squares (2SLS) and Heckman selection models, confirming the reliability of our findings. These insights extend current ESG frameworks by incorporating digital resilience as an emerging driver of sustainability performance and enrich governance theory by highlighting the contextual influence of CEO duality on risk management strategies. The study offers practical implications for corporate leaders, investors, and policymakers. Firms can leverage cybersecurity risk management as a catalyst for strengthening ESG practices, particularly in sectors exposed to high digital risks. Governance structures that enable swift decision-making may enhance firms' capacity to align cybersecurity and sustainability goals. Policymakers are encouraged to consider integrating cybersecurity metrics into ESG disclosure frameworks to promote more comprehensive corporate accountability and resilience in the digital era.