Market pressure or regulatory pressure? U.S. small bank pre-emptive IT investment to data privacy regulation

Jin Huang; Xiangyu Lin; Xiaomeng Shi; S. Sarah Zhang

doi:10.1016/j.jcorpfin.2025.102863

Market pressure or regulatory pressure? U.S. small bank pre-emptive IT investment to data privacy regulation

Jin Huang, Xiangyu Lin^*, Xiaomeng Shi, S. Sarah Zhang

^*Corresponding author for this work

School of Intelligent Finance and Business

Research output: Contribution to journal › Article › peer-review

Abstract

We assess small banks' responses to announcements of state-level proposals of Privacy Protection Acts (PPAs). Employing a Difference-in-Differences framework, we uncover the proactive actions taken by U.S. small banks in anticipation of these proposals. Our findings reveal that the announcement of PPA proposals leads to a 35.46% increase in IT investment by U.S. small banks, primarily driven by market pressure, with regulatory pressure playing a more limited role. Particularly, evidence suggests that banks with greater competitive threats from their rivals are motivated to enhance their IT investments due to market pressures. However, our research also finds that this surge in IT investment does not immediately translate into benefits for small banks.

Original language	English
Article number	102863
Journal	Journal of Corporate Finance
Volume	95
DOIs	https://doi.org/10.1016/j.jcorpfin.2025.102863
Publication status	Published - Nov 2025

Keywords

Cybersecurity risk
Data privacy
IT investment
Regulation proposals
Small banks

Access to Document

10.1016/j.jcorpfin.2025.102863

Cite this

@article{2839fbee49ed436395dd7457cd8fdf3e,

title = "Market pressure or regulatory pressure? U.S. small bank pre-emptive IT investment to data privacy regulation",

abstract = "We assess small banks' responses to announcements of state-level proposals of Privacy Protection Acts (PPAs). Employing a Difference-in-Differences framework, we uncover the proactive actions taken by U.S. small banks in anticipation of these proposals. Our findings reveal that the announcement of PPA proposals leads to a 35.46% increase in IT investment by U.S. small banks, primarily driven by market pressure, with regulatory pressure playing a more limited role. Particularly, evidence suggests that banks with greater competitive threats from their rivals are motivated to enhance their IT investments due to market pressures. However, our research also finds that this surge in IT investment does not immediately translate into benefits for small banks.",

keywords = "Cybersecurity risk, Data privacy, IT investment, Regulation proposals, Small banks",

author = "Jin Huang and Xiangyu Lin and Xiaomeng Shi and Zhang, {S. Sarah}",

note = "Publisher Copyright: {\textcopyright} 2025 Elsevier B.V.",

year = "2025",

month = nov,

doi = "10.1016/j.jcorpfin.2025.102863",

language = "English",

volume = "95",

journal = "Journal of Corporate Finance",

issn = "0929-1199",

}

TY - JOUR

T1 - Market pressure or regulatory pressure? U.S. small bank pre-emptive IT investment to data privacy regulation

AU - Huang, Jin

AU - Lin, Xiangyu

AU - Shi, Xiaomeng

AU - Zhang, S. Sarah

PY - 2025/11

Y1 - 2025/11

N2 - We assess small banks' responses to announcements of state-level proposals of Privacy Protection Acts (PPAs). Employing a Difference-in-Differences framework, we uncover the proactive actions taken by U.S. small banks in anticipation of these proposals. Our findings reveal that the announcement of PPA proposals leads to a 35.46% increase in IT investment by U.S. small banks, primarily driven by market pressure, with regulatory pressure playing a more limited role. Particularly, evidence suggests that banks with greater competitive threats from their rivals are motivated to enhance their IT investments due to market pressures. However, our research also finds that this surge in IT investment does not immediately translate into benefits for small banks.

AB - We assess small banks' responses to announcements of state-level proposals of Privacy Protection Acts (PPAs). Employing a Difference-in-Differences framework, we uncover the proactive actions taken by U.S. small banks in anticipation of these proposals. Our findings reveal that the announcement of PPA proposals leads to a 35.46% increase in IT investment by U.S. small banks, primarily driven by market pressure, with regulatory pressure playing a more limited role. Particularly, evidence suggests that banks with greater competitive threats from their rivals are motivated to enhance their IT investments due to market pressures. However, our research also finds that this surge in IT investment does not immediately translate into benefits for small banks.

KW - Cybersecurity risk

KW - Data privacy

KW - IT investment

KW - Regulation proposals

KW - Small banks

UR - http://www.scopus.com/inward/record.url?scp=105013881786&partnerID=8YFLogxK

U2 - 10.1016/j.jcorpfin.2025.102863

DO - 10.1016/j.jcorpfin.2025.102863

M3 - Article

AN - SCOPUS:105013881786

SN - 0929-1199

VL - 95

JO - Journal of Corporate Finance

JF - Journal of Corporate Finance

M1 - 102863

ER -

Market pressure or regulatory pressure? U.S. small bank pre-emptive IT investment to data privacy regulation

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this