Based on research by Brown, L. W., Rasheed, A. A., & Bell, R. G.
Cybersecurity and financial institutions operate under fluid regulatory pressure—from SEC cybersecurity disclosures to Fed liquidity rules, CISA directives, MiCA, and emerging AI governance frameworks. Brown and colleagues clarify how firms don’t merely adapt to regulation—they use political investments to shape it, delay it, or bend it toward business advantage.
Key Points
• Corporate political activity (CPA) is a strategic instrument used to influence legislation, regulation, and government agendas.• CEO ideology, board composition, and firm experience shape how organizations engage in political action.
• Regulatory volatility, geopolitical risks, and social attention drive CPA intensity and tactics.
• Firms proactively shape policy or mitigate harmful implementation after laws are passed.
• CPA effectiveness varies by lobbying breadth, political connections, and alignment with sector goals.
Why This Matters
Cyber and finance are the two industries most exposed to asymmetric policy shocks. One new SEC cyber disclosure rule, one banking stress-test revision, or one FATF guidance update can shift capital flows by billions. Brown et al. show that the companies that outperform don’t merely comply—they engineer the regulatory terrain.
Cybersecurity
CrowdStrike, Palantir, and Cisco maintain sustained congressional engagement to shape procurement language, intelligence sharing protocols, and cyber-incident reporting burdens. These firms do not wait for CISA or DHS to publish mandates—they help design the mandates. That is strategic CPA.
Finance
The digital asset sector (Coinbase, Ripple, BlackRock) is not lobbying for favors—it is lobbying for clarity. Firms influence how stablecoins are classified, who supervises custodians, and which agencies adjudicate digital asset disputes. In contrast, companies that “free-ride,” assuming others will shape rules, often get regulated by surprise and lose.
The authors’ core contribution is particularly relevant to CISOs, risk officers, and CFOs: political strategy is not PR; it is risk control and market access. CPA reduces regulatory uncertainty, opens government contracting windows, and blunts punitive enforcement. It also determines whether cyber firms are treated as national security assets—or commoditized vendors.
For senior leaders in cyber or finance, the implication is simple: budget CPA like you budget R&D. Build policy coalitions, hire specialized lobbyists, place politically credible directors, and balance administrative mitigation (post-law) with proactive legislative shaping (pre-law). Waiting is strategically irresponsible.
Based upon the Analysis Of: Brown, L. W., Rasheed, A. A., & Bell, R. G. (2022). How and why? A review of corporate political activity predictors and actions. Group & Organization Management, 47(2), 440–484.
