Pat Akey, Stefan Lewellen, Inessa Liskovich, Christoph Schiller
Review of Finance, Volume 30, Issue 3, May 2026, Pages 795–862, https://doi.org/10.1093/rof/rfag009
Firms rely heavily on intangible capital, including reputational capital, yet little research explores how they respond to its destruction. This paper examines three key questions: (1) Which stakeholders react to reputation-damaging events? (2) What actions do firms take to repair reputations? (3) How do firms tailor responses based on specific stakeholders or situations?
We analyze reputation loss and repair in two contexts: data breaches (i.e., “hacks”) and a broader range of negative corporate events affecting ESG performance. Data breaches serve as a clear test case since they plausibly impact reputation without directly reflecting a firm’s product quality or financial condition. However, they also represent a very specific notion of lost reputation. To generalize our findings, we also examine 2,700 reputation-damaging events from RepRisk, revealing similar stakeholder reactions across both settings.
Our results confirm that many stakeholders care about firm reputation. We observe equity declines of 1–1.5% around both data breaches and RepRisk events. In response, managers discuss “reputation” and other reputation-related words more frequently in their conference calls. Additionally, consumer perception of a firm or its brands is also impacted by data breaches—survey-measures of brand strength are lower following a data breach and “customer churn” is higher following a RepRisk event. Finally, measures of traditional and social media become more negative.
Firms adopt multiple strategies to restore their reputations. Following data breaches, firms enhance IT security. They also engage in broader non-operational efforts after a data breach or RepRisk event, including increasing charitable contributions by $1.85 million annually for four years and increasing their likelihood of starting a charitable foundation. These efforts boost CSR scores by 0.3–0.65 standard deviations post-event. Political contributions also rise, particularly in firms with significant government contracts. Additionally, firms raise employee wages by up to $1,200 per worker after breaches affecting employee records, reflecting efforts to repair reputation with their employees.
Responses vary based on industry and stakeholder priorities. Consumer-facing firms (e.g., telecommunications, travel, and media) invest more heavily in CSR, likely using it as a tool for product market differentiation. Major government contractors increase political contributions more than others, especially following regulatory violations. Wage increases occur only when breaches impact employee records, demonstrating targeted internal responses.
Overall, firms rationally tailor reputation-repair strategies to the most affected stakeholders, reinforcing the long-term significance of corporate reputation management.