Learning from Digital Failures? The Effectiveness of Firms’ Divestiture and Management Turnover Responses to Data Breaches

We examine whether firms learn from digital technology failures in the form of data breach events, based on the effectiveness of their failure responses. We argue that firms experiencing such technological failures interpret them broadly as organizational problems, and undertake unrelated divestitures and top management turnover to achieve better standardization and to remove dysfunctional routines. We test our hypotheses on unrelated subsidiary divestitures and chief technology officer (CTO) turnovers undertaken by 8,760 publicly traded U.S. firms that were at risk of experiencing data breaches involving the loss of personally identifiable information during the period 2005–2016. We find that data breaches significantly increase the hazard of unrelated divestitures and CTO turnover, and that these failure responses are sensitive to firms’ aspiration-performance feedback. However, whereas unrelated divestitures reduce the reoccurrence of data breaches, CTO turnover has no significant effect. Our findings suggest a corrective role of unrelated divestitures for failure learning, and the symbolic nature of CTO turnover as a failure response. Our study unpacks failure learning that hitherto has been inferred from a firm’s own failure experience and industry-wide failures, and highlights the interplay between the digital and nondigital components of a firm in the understudied context of data breaches.