Wilson Weixun Li, Alvin Chung Man Leung, Wei Thoo Yue
{"title":"Where is IT in Information Security? The Interrelationship among IT Investment, Security Awareness, and Data Breaches","authors":"Wilson Weixun Li, Alvin Chung Man Leung, Wei Thoo Yue","doi":"10.25300/misq/2022/15713","DOIUrl":null,"url":null,"abstract":"Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing data-breach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches.","PeriodicalId":49807,"journal":{"name":"Mis Quarterly","volume":"12 3","pages":""},"PeriodicalIF":7.0000,"publicationDate":"2023-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Mis Quarterly","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.25300/misq/2022/15713","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 9
Abstract
Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing data-breach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches.
期刊介绍:
Journal Name: MIS Quarterly
Editorial Objective:
The editorial objective of MIS Quarterly is focused on:
Enhancing and communicating knowledge related to:
Development of IT-based services
Management of IT resources
Use, impact, and economics of IT with managerial, organizational, and societal implications
Addressing professional issues affecting the Information Systems (IS) field as a whole
Key Focus Areas:
Development of IT-based services
Management of IT resources
Use, impact, and economics of IT with managerial, organizational, and societal implications
Professional issues affecting the IS field as a whole
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
