Hackers targeting companies that fake corporate responsibility

September 30, 2020

A new study suggests some hackers aren't just in it for the money but instead are motivated by their disappointment in a company's attempts to fake social responsibility.

"There is emerging evidence that the hacking community is not homogenous, and at least some hackers appear to be motivated by what they dislike, as opposed to solely financial gain," said John D'Arcy, a co-author and professor of management information systems (MIS) at the University of Delaware. "Recent hacks against the World Health Organization, due to its actions (or supposed inactions) related to the COVID-19 pandemic, are a case in point."

D'Arcy and his coauthors, interested in exploring whether a firm's corporate social performance (CSP) impacts their likelihood of being breached, studied a unique dataset that included information on data breach incidents, external assessments of firms' CSP and other factors. The results, published on Sept. 18 in the Information Systems Research paper "Too Good to Be True: Firm Social Performance and the Risk of Data Breach," were intriguing.

The key to these results, D'Arcy explained, lies in understanding the difference between two different types of corporate social responsibility efforts: those that are more minor and peripheral (like recycling programs or charitable donations) versus those that involve social responsibility being embedded throughout the firm's core business and processes (like diversity initiatives and producing eco-friendly products).

Companies only participating in peripheral efforts and not more deeply embedded ones are sometimes called "greenwashing," attempting to give the appearance of social responsibility without infusing such practices throughout their entire organization. According to D'Arcy's research, firms that do this are more likely to face problems from hackers.

"An example of a firm that has been accused of greenwashing is Walmart," D'Arcy said. "This is because Walmart has touted its investments in charitable causes and environmental programs, but at the same time has been criticized for providing low wages and neglecting investments in employees' physical and psychological working environment."

The study found that hackers of all kinds -- from internal disgruntled employees to external hacktivist groups -- can "sniff out" these actions that only give the appearance of social responsibility. To an even further extent, when companies not only are trying to improve their image but also are using these actions to mask poor overall CSP, they are especially likely to be breached.

"Consequently, these firms are more likely to be victimized by a malicious data breach for these reasons," D'Arcy said. "Firms may be placing a proverbial target on their back, in an information security sense, by engaging in greenwashing efforts."

Conversely, the study found that when firms that engage in more embedded and meaningful forms of corporate responsibility, they are more likely to see solely positive outcomes. In this case, that means fewer hacks and data breaches.

"These same internal and external hackers are likely to see such embedded CSP efforts as genuine attempts at social responsibility (in other words, the company is 'walking its talk' when it comes to social responsibility) and thus they will be less likely to target these firms for a computer attack that results in a breach," D'Arcy said.

What lessons should companies take from this research? D'Arcy warned that companies should be cautious about promoting peripheral CSP efforts if they have otherwise poor records on corporate social issues.

"What was once accepted as meaningful CSP activity may no longer appease certain stakeholders," he said. "And in this era of increased information transparency and greater expectations of the firm's role in society, engaging in only peripheral actions may result in stakeholder backlash. Firms need to be cautious about promoting their CSP activities unless they can defend their actions as embedded in core practices and as authentically motivated."

University of Delaware

Related Social Responsibility Articles from Brightsurf:

'Social cells' related to social behavior identified in the brain
A research team led by Professor TAKUMI Toru of Kobe University's Graduate School of Medicine (also a Senior Visiting Scientist at RIKEN Center for Biosystems Dynamics Research) have identified 'social cells' in the brain that are related to social behavior.

Hackers targeting companies that fake corporate responsibility
A new study found some hackers aren't in it for the money; they want to expose firms that engage in phony philanthropy.

Corporate social responsibility practices often lack 'on the ground' change -- SFU research
Companies that practice corporate social responsibility (CSR) could ensure more positive outcomes by tackling ''real change on the ground'' rather than focusing on single projects and budgets, according to Simon Fraser University political science professor Andy Hira.

Social media influencers could encourage adolescents to follow social distancing guidelines
Public health bodies should consider incentivizing social media influencers to encourage adolescents to follow social distancing guidelines, say researchers.

Firms perceived to fake social responsibility become targets for hackers, study shows
What corporate leaders may not realize is that strides they are making toward social responsibility may be placing a proverbial target on their backs -- if their efforts appear to be disingenuous, according to new research from the University of Notre Dame.

Social grooming factors influencing social media civility on COVID-19
A new study analyzing tweets about COVID-19 found that users with larger social networks tend to use fewer uncivil remarks when they have more positive responses from others.

Social isolation during adolescence drives long-term disruptions in social behavior
Mount Sinai Researchers find social isolation during key developmental windows drives long term changes to activity patterns of neurons involved in initiating social approach in an animal model.

Study: 'Value instantiation' key to luxury brands' and social responsibility
Although luxury brands and social responsibility seem fundamentally inconsistent with each other, the two entities can coexist in the mind of the consumer, provided the brand can find someone -- typically, a celebrity -- who successfully embodies the two conflicting value sets, says new research co-written by Carlos Torelli, a professor of business administration and James F.

Study: US presidents play surprising role in driving corporate social responsibility
A president's political party plays a big role in corporate social responsibility efforts, reveals new research from San Francisco State's Lam Family College of Business.

How to improve corporate social and environmental responsibility
New research led by the University of California, Riverside shows NGOs are more likely to sway companies into ethical behavior with carefully targeted reports that consider a range of factors affecting the companies and industries.

Read More: Social Responsibility News and Social Responsibility Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.