The Value of Auditors’ Cross-Client Learning in Preventing Data Breaches

65 Pages Posted: 15 Jan 2021

Date Written: December 30, 2020


I examine whether auditors generalize their knowledge across different clients (cross-client learning) to prevent data breaches. I focus on two audit mistakes. One relates directly to data breaches, and the other is severe restatements (indirect experiences strongly related to auditors’ reputational incentives), to gauge the extent to which auditors generalize their mistakes across clients to deter data breaches. I find that cross-client learning is stronger when learning experiences are similar, when these experiences directly relate to monitoring technologies (i.e., when auditors inspect a firm’s internal controls in integrated audits, including IT controls), when mistakes are more severe, and when clients are more receptive (i.e., in the presence of increased reputational risks and good internal controls). I also conduct interviews and an anonymous survey to collect information not captured by the empirical analyses. Collectively, my paper uses cross-client learning to explain whether and how third-party monitors can deter data breaches and quantifies the economic significance of this learning.

Keywords: Data breaches, auditing, internal control, information learning, reputation risk

JEL Classification: C81, C82, D83, L14, M15, M42

Suggested Citation

Liu, Lisa Yao, The Value of Auditors’ Cross-Client Learning in Preventing Data Breaches (December 30, 2020). Available at SSRN: or

Lisa Yao Liu (Contact Author)

Columbia Business School ( email )

3022 Broadway
New York, NY 10027
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics