The impact of CIO characteristics on data breaches

International Journal of Accounting Information Systems, Volume 43, Article 100532. IF 4.1; Zone 3 (Management); JCR Q2 (Business). Pub Date: 2021-12-01. DOI: 10.1016/j.accinf.2021.100532
Thomas Smith, Amanuel F. Tadesse, Nishani Edirisinghe Vincent
Citations: 6

Abstract

The exponential rate of increase in IT security breach incidents has led governments, regulators, and practitioners to respond by introducing standards and frameworks for the disclosure and management of organizational cybersecurity risk exposure. Cybersecurity, which is a part of IT risk management, is affected by the capability and the ability of senior leadership responsible for IT-related decisions. This paper uses hand-collected data related to the Chief Information Officer (CIO) for S&P 500 firms and explores whether the presence of a CIO role, human capital characteristics of the CIO, and structural capital characteristics of the firm and the CIO are related to a firm’s cybersecurity risk exposure. This study finds that firms disclosing the presence of a CIO are more likely to be breached, even after matching on the likelihood of a breach and controlling for the likelihood that a firm would choose to disclose a CIO. This study also finds predictable variations in the likelihood of a breach among CIOs based on various human capital dimensions (including past technology experience, external board memberships, firm tenure, and CIO tenure) and structural capital dimensions (including a recognized commitment to IT and charging the CIO with multiple responsibilities). Finally, this study finds evidence that the observed associations depend on both the source of the breach (external vs. internal) as well as the type of data compromised by the breach (e.g. financial, personal, etc.). The results of this study contribute to the growing body of academic breach literature, while also informing practitioners as they evaluate the costs and benefits of various methods for combating breaches.

Source journal
CiteScore: 9.00
Self-citation rate: 6.50%
Articles published: 23
About the journal: The International Journal of Accounting Information Systems will publish thoughtful, well developed articles that examine the rapidly evolving relationship between accounting and information technology. Articles may range from empirical to analytical, from practice-based to the development of new techniques, but must be related to problems facing the integration of accounting and information technology. The journal will address (but will not limit itself to) the following specific issues: control and auditability of information systems; management of information technology; artificial intelligence research in accounting; development issues in accounting and information systems; human factors issues related to information technology; development of theories related to information technology; methodological issues in information technology research; information systems validation; human–computer interaction research in accounting information systems. The journal welcomes and encourages articles from both practitioners and academicians.