The Impact of Executives’ IT Expertise on Reported Data Security Breaches

References

• Amato N (2017) CFOs try to focus on strategy, but IT systems get in the way. J. Accountancy (March 30), https://www.journalofaccountancy.com/news/2017/mar/cfos-hampered-by-legacy-it-systems-201716351.html.Google Scholar
• Amir E , Levi S , Livine T (2018) Do firms underreport information on cyber-attacks? Evidence from capital markets. Rev. Accounting Stud. 23(3):1177–1206.Crossref, Google Scholar
• Applegate L , Elam J (1992) New information systems leaders: A changing role in a changing world. MIS Quart. 16(4):469–490.Crossref, Google Scholar
• Armstrong CP , Sambamurthy V (1999) IT assimilation in firms: The influence of senior leadership and IT infrastructures. Inform. Systems Res. 10(4):304–327.Link, Google Scholar
• Bailey T , Kaplan J , Rezek C (2014) Why senior leaders are on the front line against cyberattacks. McKinsey & Company (June 1), https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/why-senior-leaders-are-the-front-line-against-cyberattacks.Google Scholar
• Banker RD , Feng CQ (2019) The impact of security breach incidents on CIO turnover. J. Inform. Systems 33(3):309–329.Crossref, Google Scholar
• Banker RD , Hu N , Pavlou PA , Luftman J (2011) CIO reporting structure, strategic positioning, and firm performance. MIS Quart. 35(2):487–504.Crossref, Google Scholar
• Bassellier G , Benbasat I , Reich BH (2003) The influence of business managers’ IT competence on championing IT. Inform. Systems Res. 14(4):317–336.Link, Google Scholar
• Bassellier G , Reich BH , Benbasat I (2001) Information technology competence of business managers: A definition and research model. J. Management Inform. Systems 17(4):159–182.Crossref, Google Scholar
• Benaroch M , Chernobai A (2017) Operational IT failures, IT value-destruction, and board-level IT governance changes. MIS Quart. 41(3):729–762.Crossref, Google Scholar
• Bertrand M , Schoar A (2003) Managing with style: The effect of managers on firm policies. Quart. J. Econom. 118(4):1169–1208.Crossref, Google Scholar
• Bharadwaj A , El Sawy O , Pavlou P , Venkatraman N (2013) Digital business strategy: Toward a next generation of insights. MIS Quart. 37(2):471–482.Crossref, Google Scholar
• Boritz E , Efendi J , Lim JH (2018) The impact of senior management competencies on the voluntary adoption of an innovative technology. J. Inform. Systems 32(4):25–46.Crossref, Google Scholar
• Campbell K , Gordon LA , Loeb MP , Zhou L (2003) The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. J. Comput. Security 11(3):431–448.Crossref, Google Scholar
• Carpenter MA , Geletkanycz MA , Sanders WG (2004) Upper echelons research revisited: Antecedents, elements, and consequences of top management team composition. J. Management 30(6):749–778.Crossref, Google Scholar
• Cavusoglu H , Mishra B , Raghunathan S (2004) The effect of Internet security breach announcements on market value of breached firms and Internet security developers. Internat. J. Electronic Commerce 9(1):69–105.Crossref, Google Scholar
• Chatterjee D , Richardson VJ , Zmud RW (2001) Examining the shareholder wealth effects of announcements of newly created CIO positions. MIS Quart. 25(1):43–70.Crossref, Google Scholar
• Cohen J (1960) A coefficient for agreement for nominal scales. Ed. Psych. Measurement 20(1):37–46.Crossref, Google Scholar
• Daily CM , Johnson JL (1997) Sources of CEO power and firm financial performance: A longitudinal assessment. J. Management 23(2):97–117.Crossref, Google Scholar
• Dehning B , Richardson VJ , Zmud RW (2003) The value relevance of announcements of transformational information technology investments. MIS Quart. 27(4):637–656.Crossref, Google Scholar
• Deloitte (2020) Global cyber executive briefing. Accessed May 1, 2020, https://www2.deloitte.com/global/en/pages/risk/articles/High-Technology-Sector.html Google Scholar
• Devaraj S , Kohli R (2003) Performance impacts of information technology: Is actual usage the missing link? Management Sci. 49:273–289.Link, Google Scholar
• Dickson J (2015) 6 ways the Sony hack changes everything. Accessed March 29, 2017, http://www.darkreading.com/risk/6-ways-the-sony-hack-changes-everything-/a/d-id/1319415.Google Scholar
• Earl MJ , Feeny DF (1994) Is your CIO adding value? Sloan Management Rev. (Spring):11–20.Google Scholar
• Feng C , Wang T (2019) Does CIO risk appetite matter? Evidence from information security breach incidents. Internat. J. Accounting Inform. Systems 32:59–75.Crossref, Google Scholar
• Finkelstein S (1992) Power in top management teams: Dimensions, measurement, and validation. Acad. Management J. 35(3):505–538.Crossref, Google Scholar
• Fung B (2018) Equifax’s massive 2017 data breach keeps getting worse. Washington Post (March 1), https://www.washingtonpost.com/news/the-switch/wp/2018/03/01/equifax-keeps-findingmillions-more-people-who-were-affected-by-its-massive-databreach/?noredirect=on&utm_term=.36a8868c885d Google Scholar
• Gartner (2015) Survey analysis: Critical CFO technology needs: 2015 Gartner FEI Study. Accessed March 29, 2017, https://www.gartner.com/doc/3114318/survey-analysis-critical-cfo-technology.Google Scholar
• Gessin S (2017) The Equifax data breach: What to do. Accessed February 2, 2018, https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.Google Scholar
• Goel S , Shawky HA (2009) Estimating the market impact of security breach announcements on firm values. Inform. Management 46:404–410.Crossref, Google Scholar
• Gordon LA , Loeb MP (2002) The economics of information security investment. ACM Trans. Inform. Systems Security 5(4):438–457.Crossref, Google Scholar
• Gordon LA , Loeb MP , Sohail T (2010) Market value of voluntary disclosures concerning information security. MIS Quart. 34(3):567–594.Crossref, Google Scholar
• Grover V , Jeong S-R , Kettinger WJ , Lee CC (1993) The chief information officer: A study of managerial roles. J. MIS 10(2):107–130.Google Scholar
• Gwebu KL , Wang J , Wang L (2018) The role of corporate reputation and crisis response strategies in data breach management. J. MIS 35(2):683–714.Google Scholar
• Hainmueller J (2012) Entropy balancing for causal effects: A multivariate reweighting method to produce balanced samples in observations studies. Political Anal. 20:25–46.Crossref, Google Scholar
• Haislip J , Richardson VJ (2018) The effect of CEO IT expertise on the information environment: Evidence from earnings forecasts and announcements. J. Inform. Systems 32(2):71–94.Crossref, Google Scholar
• Haislip J , Karim K , Lin KJ , Pinsker R (2020) The influences of CEO IT expertise and board-level technology committees on Form 8-K disclosure timeliness. J. Inform. Systems 34(2):167–185.Crossref, Google Scholar
• Haislip J , Masli A , Richardson V , Sanchez JM (2016) Repairing organizational legitimacy following information technology (IT) material weaknesses: Executive turnover, IT expertise, and IT system upgrades. J. Inform. Systems 30(1):41–70.Crossref, Google Scholar
• Hambrick D (2007) Upper echelon theory: An update. Acad. Management Rev. 32(2):334–343.Crossref, Google Scholar
• Hambrick D , Mason P (1984) Upper echelons: The organization as a reflection of its top managers. Acad. Management Rev. 9(2):193–206.Crossref, Google Scholar
• Heckman J (1979) Sample selection bias as a specification error. Econometrica 47(1):153–161.Crossref, Google Scholar
• Higgs J , Pinsker R , Smith T , Young G (2016) The relationship between board-level technology committees and reported security breaches. J. Inform. Systems 30(3):79–98.Crossref, Google Scholar
• Hu Q , Dinev T , Hart P , Cooke D (2012) Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sci. 43(4):615–660.Crossref, Google Scholar
• ISACA (2012) COBIT 5 for Information Security (ISACA, Schaumburg, IL).Google Scholar
• ISACA (2013) COBIT 5: A Business Framework for the Governance and Management of Enterprise IT (ISACA, Schaumburg, IL).Google Scholar
• IT Governance Institute (2003) Board Briefing on IT Governance , 2nd ed. (ITGI, Rolling Meadows, IL)Google Scholar
• Jarvenpaa SL , Ives B (1991) Executive involvement and participation in the management of information technology. MIS Quart. 15(2):205–227.Crossref, Google Scholar
• Jensen M , Zajac EJ (2004) Corporate elites and corporate strategy: How demographic preferences and structural position shape the scope of the firm. Strategic Management J. 25(6):507–524.Crossref, Google Scholar
• Jervis R (1982) Security regimes. Internat. Organ. 36(2):357–378.Crossref, Google Scholar
• Johnson AM , Lederer AL (2005) CEO/CIO mutual understanding, strategic alignment, and the contribution of IS to the organization. Inform. Management 47(3):138–149.Crossref, Google Scholar
• Johnson ME , Goetz E (2007) Embedding information security into the organization. IEEE Security Privacy 5(3):16–24.Crossref, Google Scholar
• Kang E (2008) Director interlocks and spillover effects of reputational penalties from financial reporting fraud. Acad. Management J. 51(3):537–555.Crossref, Google Scholar
• Kashmiri S , Nicol CD , Hsu L (2017) Birds of a feather: Intra-industry spillover of the Target customer data breach and the shielding role of IT, marketing, and CSR. J. Acad. Marketing Sci. 45:208–228.Crossref, Google Scholar
• Kim SH , Kwon J (2019) How do EHRs and a meaningful use initiative affect breaches of patient information? Inform. Systems Res. 30(4):1184–1202.Link, Google Scholar
• Kwon J , Johnson ME (2014) Proactive vs. reactive security investments in the healthcare sector. MIS Quart. 38(2):451–471.Crossref, Google Scholar
• Kwon J , Ulmer JR , Wang T (2013) The association between top management involvement and compensation and information security breaches. J. Inform. Systems 27(1):219–236.Crossref, Google Scholar
• Lee CH , Geng X , Raghunathan S (2016) Mandatory standards and organizational information security. Inform. Systems Res. 27(1):70–86.Link, Google Scholar
• Li C , Sun L , Ettredge M (2010) Financial executive quality, financial executive turnover, and adverse SOX 404 opinions. J. Accounting Econom. 50(1):93–110.Crossref, Google Scholar
• Lim JH , Han KS , Mithas S (2013b) How CIO influence IT investments and firm performance. International Conference on Information Systems (ICIS), Milan, Italy.Google Scholar
• Lim JH , Stratopoulos T , Wirjanto T (2012) Role of IT executives on the firm’s ability to achieve competitive advantage through IT capability. Internat. J. Accounting Inform. Systems 13(1):21–40.Crossref, Google Scholar
• Lim JH , Stratopoulos T , Wirjanto T (2013a) Sustainability of a firm’s reputation for IT capability: Role of senior IT executives. J. Management Inform. Systems 30(1):57–96.Crossref, Google Scholar
• Martin KD , Borah A , Palmatier RW (2017) Data privacy: Effects on customer and firm performance. J. Marketing 81:36–58.Crossref, Google Scholar
• Masli A , Richardson VJ , Watson MW , Zmud RW (2016) Senior executives’ IT management responsibilities: Serious IT-related deficiencies and CEO/CFO turnover. MIS Quart. 40(3):687–708.Crossref, Google Scholar
• Mitra S , Ransbotham S (2015) Information disclosure and the diffusion of information security attacks. Inform. Systems Res. 26(3):565–584.Link, Google Scholar
• Nolan RL , McFarlan FW (2005) Information technology and the board of directors. Harvard Bus. Rev. 83(10):96–106.Google Scholar
• Pang M-S , Tanriverdi H (2017) Security breaches in the U.S. federal government. Working paper, Fox School of Business, Temple University, Philadelphia, PA.Google Scholar
• Pirolli P (2007) Information Foraging Theory: Adaptive Interaction with Information (Oxford University Press, New York).Crossref, Google Scholar
• Ponemon Institute (2015) 2015 cost of cyber crime study: Global. Accessed May 1, 2020, http://www.cnmeonline.com/myresources/hpe/docs/HPE_SIEM_Analyst_Report_-_2015_Cost_of_Cyber_Crime_Study_-_Global.pdf.Google Scholar
• Porter ME (1980) Competitive Strategy: Techniques for Analyzing Industries and Competitors (Free Press, New York).Google Scholar
• Privacy Rights Clearinghouse (2018) What to do when you receive a data breach notice. Accessed April 25, 2020, https://www.privacyrights.org/consumer-guides/what-do-when-you-receive-data-breach-notice.Google Scholar
• PwC (2015) 18th annual global CEO survey. Accessed May 1, 2020, https://www.pwc.com/gx/en/ceo-survey/2015/assets/pwc-18th-annual-global-ceo-survey-jan-2015.pdf.Google Scholar
• Ransbotham S , Mitra S (2009) Choice and chance: A conceptual model of paths to information security compromise. Inform. Systems Res. 20(1):121–139.Link, Google Scholar
• Richardson VJ , Smith RE , Watson MW (2019) Much ado about nothing: The (lack of) economic impact of data privacy breaches. J. Inform. Systems 33(3):227–265.Crossref, Google Scholar
• Rosenbaum PR , Rubin DB (1983) The central role of the propensity score in observational studies for causal effects. Biometrica 70(1):41–55.Google Scholar
• Sambamurthy V , Zmud RW (2012) Guiding the Digital Transformation of Organizations (Legerity Digital Press, Tallahassee, FL)Google Scholar
• Schatz D , Bashroush R (2016) The impact of repeated data breach events on organisations’ market value. Inform. Computer Security 24(1):73–92.Crossref, Google Scholar
• Securities and Exchange Commission (2011) CF disclosure guidance: Topic No. 2: Cybersecurity. Accessed March 26, 2017, https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm.Google Scholar
• Securities and Exchange Commission (2018) Commission statement and guidance on public company cybersecurity disclosures. Accessed January 4, 2019, https://www.sec.gov/rules/interp/2018/33-10459.pdf.Google Scholar
• Sen R , Borle S (2015) Estimating the contextual risk of data breach: An empirical approach. J. Management Inform. Systems 32(2):314–341.Crossref, Google Scholar
• Shipman JE , Swanquist QT , Whited RL (2017) Propensity score matching in accounting research. Accounting Rev. 92(1):213–244.Crossref, Google Scholar
• Shroff N , Verdi RS , Yost BP (2017) When does the peer information environment matter? J. Accounting Econom. 64:183–214.Crossref, Google Scholar
• Smith T , Higgs J , Pinsker R (2019) Do auditors price breach risk in their audit fees? J. Inform. Systems 33(2):177–204.Crossref, Google Scholar
• Stephens C , Ledbetter W , Mitra A , Ford F (1992) Executive or functional manager: The nature of the CIO’s job. MIS Quart. 16(4):469–490.Crossref, Google Scholar
• Tanimura JK , Wehrly EW (2015) The market value and reputational effects from lost confidential information. Internat. J. Financial Management 5(4):18–35.Crossref, Google Scholar
• Terza JV (2017) Two-stage residual inclusion estimation: A practitioner’s guide to Stata implementation. Stata J. 17(4):916–938.Crossref, Google Scholar
• Vincent NE , Higgs JL , Pinsker RE (2017) IT governance and the maturity of risk management practices. J. Inform. Systems 31(1):59–77.Crossref, Google Scholar
• Wang J , Gupta M , Rao HR (2015) Insider threats in a financial institution: Analysis of attack-proneness of information systems applications. MIS Quart. 39(1):91–112.Crossref, Google Scholar
• Wang T , Kannan KN , Ulmer JR (2014) The association between the disclosure and the realization of information security risk factors. Inform. Systems Res. 24(2):201–218.Link, Google Scholar
• Weill P , Ross JW (2004) IT governance: How top performers manage IT decision rights for superior results. Report, Harvard Business School Press, Boston.Google Scholar
• Westby JR (2015) Governance of cybersecurity: 2015 report. Report, Georgia Tech Information Security Center, Atlanta.Google Scholar
• White H (1980) A heteroscedasticity-consistent covariance matrix estimator and a direct test for heteroscedasticity. Econometrica 48(4):817–838.Crossref, Google Scholar
• Woolridge JM (2002) Econometric analysis of cross section and panel data. Report, MIT Press, Cambridge, MA.Google Scholar
• Woolridge JM (2010) Econometric analysis of cress section and panel data. Report, MIT Press, Cambridge, MA.Google Scholar
• Wu SP-J , Straub DW , Liang T-P (2015) How information technology governance mechanisms and strategic alignment influence organizational performance: Insights from a matched survey of business and IT managers. MIS Quart. 39(2):497–518.Crossref, Google Scholar
• Yen JC , Lim JH , Wang T , Hsu C (2018) the impact of audit firms’ characteristics on audit fees following information security breaches. J. Accounting Public Policy 37(6):489–507.Crossref, Google Scholar