Mandatory Data Breach Disclosure and Insider Trading

We examine whether mandatory data breach disclosure affects insider-selling behavior and find that selling profits are greater after states require firms to disclose data breaches. The effect is more pronounced for firms with weaker corporate governance, higher cybersecurity risk, and without prior investment in material cyber protection programs. However, insiders profit less when they operate in states with stricter laws and face higher litigation risks. The evidence is consistent with managers personally hedging risks in the capital market when mandatory disclosure laws designed to protect customers are weakly enforced. Laws designed to improve transparency in the product markets may have the unintended effect of reducing the integrity of financial markets. However, insider sales also facilitate the incorporation of bad news in stock prices, making idiosyncratic crashes less likely.