How Faking Social Responsibility May Get Companies Hacked

Hackers may be motivated by more than just money, according to new research from UD’s John D’Arcy.

When we think about hackers, we might imagine someone stealing data and selling it on the dark web for financial gain. But new research from the University of Delaware’s John D’Arcy suggests that some hackers may have a different motivation: disappointment in a company’s attempts to fake social responsibility.

“There is emerging evidence that the hacking community is not homogenous, and at least some hackers appear to be motivated by what they dislike, as opposed to solely financial gain,” said D’Arcy, who is a professor of MIS at UD’s Alfred Lerner College of Business and Economics. “Recent hacks against the World Health Organization, due to its actions (or supposed inactions) related to the COVID-19 pandemic, are a case in point.”

D’Arcy and his coauthors, interested in exploring whether a firm’s corporate social performance (CSP) impacts its likelihood of being breached, studied a unique dataset that included information on data breach incidents, external assessments of firms’ CSP and other factors. The results, published this week in the Information Systems Research paper “Too Good to Be True: Firm Social Performance and the Risk of Data Breach,” were intriguing.

The key to these results, D’Arcy explained, lies in understanding the difference between two different types of corporate social responsibility efforts: those that are more minor and peripheral (like recycling programs or charitable donations) versus those that involve social responsibility being embedded throughout the firm’s core business and processes (like diversity initiatives and producing eco-friendly products).

When companies participate only in peripheral efforts and not in more deeply embedded ones, the practice is sometimes called “greenwashing”: an attempt to give the appearance of social responsibility without infusing such practices throughout the entire organization. According to D’Arcy’s research, firms that do this are more likely to face problems from hackers.

“An example of a firm that has been accused of greenwashing is Walmart,” D’Arcy said. “This is because Walmart has touted its investments in charitable causes and environmental programs, but at the same time has been criticized for providing low wages and neglecting investments in employees’ physical and psychological working environment.”

The study found that hackers of all kinds—from internal disgruntled employees to external hacktivist groups—can “sniff out” these actions that only give the appearance of social responsibility. Companies that use these actions not only to improve their image but also to mask poor overall CSP are especially likely to be breached.

“Consequently, these firms are more likely to be victimized by a malicious data breach for these reasons,” D’Arcy explained. “Firms may be placing a proverbial target on their back, in an information security sense, by engaging in greenwashing efforts.”

Conversely, the study found that firms that engage in more embedded and meaningful forms of corporate responsibility are more likely to see solely positive outcomes. In this case, that means fewer hacks and data breaches.

“These same internal and external hackers are likely to see such embedded CSP efforts as genuine attempts at social responsibility (in other words, the company is ‘walking its talk’ when it comes to social responsibility) and thus they will be less likely to target these firms for a computer attack that results in a breach,” D’Arcy said.

So, what lessons should companies take from this research? D’Arcy warned that companies should be cautious about promoting peripheral CSP efforts if they have otherwise poor records on corporate social issues.

“What was once accepted as meaningful CSP activity may no longer appease certain stakeholders,” he explained. “And in this era of increased information transparency and greater expectations of the firm’s role in society, engaging in only peripheral actions may result in stakeholder backlash. Firms need to be cautious about promoting their CSP activities unless they can defend their actions as embedded in core practices and as authentically motivated.”
