Help
Cart
Skip main navigation

Available Issues

April 10, 2013 - April 2, 2026

Available Issues

April 10, 2013 - April 2, 2026

Asymmetric Learning Effects of Chief Information Officer Outside Board Appointments: Cybersecurity Implications for Sender and Receiver Firms

Published Online:17 Dec 2025https://doi.org/10.1287/isre.2024.1003

References

  • Angst CM, Block ES, D’Arcy J, Kelley K (2017) When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quart. 41(3):893–916.CrossrefGoogle Scholar
  • Arellano M, Bond S (1991) Some tests of specification for panel data: Monte Carlo evidence and an application to employment equations. Rev. Econom. Stud. 58(2):277–297.CrossrefGoogle Scholar
  • Argote L, Hwang E (2018) Organizational learning. Augier M, Teece D, eds. The Palgrave Encyclopedia of Strategic Management (Palgrave Macmillan, London).CrossrefGoogle Scholar
  • Ashraf M (2022) The role of peer events in corporate governance: Evidence from data breaches. Accounting Rev. 97(2):1–24.CrossrefGoogle Scholar
  • Ashraf M, Michas PN, Russomanno D (2020) The impact of audit committee information technology expertise on the reliability and timeliness of financial reporting. Accounting Rev. 95(5):23–56.CrossrefGoogle Scholar
  • Autor DH (2003) Outsourcing at will: The contribution of unjust dismissal doctrine to the growth of employment outsourcing. J. Labor Econom. 21(1):1–42.CrossrefGoogle Scholar
  • Aziz A, Li H, Telang R (2023) The consequences of rating inflation on platforms: Evidence from a quasi-experiment. Inform. Systems Res. 34(2):590–608.LinkGoogle Scholar
  • Bamber LS, Jiang J, Wang IY (2010) What’s my style? The influence of top managers on voluntary corporate financial disclosure. Accounting Rev. 85(4):1131–1162.CrossrefGoogle Scholar
  • Bandodkar N, Grover V (2022) Does it pay to have CIOs on the board? Creating value by appointing C-level IT executives to the board of directors. J. Assoc. Inform. Systems 23(4):838–888.Google Scholar
  • Banker RD, Feng C (2019) The impact of information security breach incidents on CIO turnover. J. Inform. Systems 33(3):309–329.CrossrefGoogle Scholar
  • Banker RD, Hu N, Pavlou PA, Luftman J (2011) CIO reporting structure, strategic positioning, and firm performance. MIS Quart. 35(2):487–504.CrossrefGoogle Scholar
  • Basten D, Haamann T (2018) Approaches to organizational learning: A literature review. Sage Open 8(3):1–20.CrossrefGoogle Scholar
  • Beck N (2020) Estimating grouped data models with a binary-dependent variable and fixed effects via a logit versus a linear probability model: The impact of dropped units. Political Anal. 28(1):139–145.CrossrefGoogle Scholar
  • Bertrand M, Mullainathan S (2003) Enjoying the quiet life? Corporate governance and managerial preferences. J. Political Econom. 111(5):1043–1075.CrossrefGoogle Scholar
  • Bertrand M, Schoar A (2003) Managing with style: The effects of managers on firm policies. Quart. J. Econom. 118(4):1169–1208.CrossrefGoogle Scholar
  • Bertrand M, Duflo E, Mullainathan S (2004) How much should we trust differences-in-differences estimates? Quart. J. Econom. 119(1):249–275.CrossrefGoogle Scholar
  • Benaroch M, Chernobai A (2017) Operational IT failures, IT value destruction, and board-level IT governance changes. MIS Quart. 41(3):729–762.CrossrefGoogle Scholar
  • Bizjak J, Lemmon M, Whitby R (2009) Option backdating and board interlocks. Rev. Financial Stud. 22(11):4821–4847.CrossrefGoogle Scholar
  • Booth JR, Deli DN (1996) Factors affecting the number of outside directorships held by CEOs. J. Financial Econom. 40:81–104.CrossrefGoogle Scholar
  • Chen DQ, Zhang Y, Xiao J, Xie K (2021) Making digital innovation happen: A chief information officer issue selling perspective. Inform. Systems Res. 32(3):987–1008.LinkGoogle Scholar
  • Cheng Z, Rai A, Tian F, Xue SX (2021) Social learning in information technology investment: The role of board interlocks. Management Sci. 67(1):547–576.LinkGoogle Scholar
  • Chiu PC, Teoh SH, Tian F (2013) Board interlocks and earnings management contagion. Accounting Rev. 88(3):915–944.CrossrefGoogle Scholar
  • Cunningham LM, Myers LA, Short JC (2024) Do CFO outside directorships benefit or harm home firm financial reporting quality? Accounting Horizons 38(2):101–119.CrossrefGoogle Scholar
  • D’Arcy J, Adjerid I, Angst CM, Glavas A (2020) Too good to be true: Firm social performance and the risk of data breach. Inform. Systems Res. 31(4):1200–1223.LinkGoogle Scholar
  • Ganju KK, Atasoy H, McCullough J, Greenwood B (2020) The role of decision support systems in attenuating racial biases in healthcare delivery. Management Sci. 66(11):5171–5181.LinkGoogle Scholar
  • Ge W, Matsumoto D, Zhang JL (2011) Do CFOs have style? An empirical investigation of the effect of individual CFOs on accounting practices. Contemporary Accounting Res. 28(4):1141–1179.CrossrefGoogle Scholar
  • Geletkanycz MA, Boyd BK (2011) CEO outside directorships and firm performance: A reconciliation of agency and embeddedness views. Acad. Management J. 54(2):335–352.CrossrefGoogle Scholar
  • Geletkanycz MA, Hambrick DC (1997) The external ties of top executives: Implications for strategic choice and performance. Admin. Sci. Quart. 42(4):654–681.CrossrefGoogle Scholar
  • Hainmueller J (2012) Entropy balancing for causal effects: A multivariate reweighting method to produce balanced samples in observational studies. Political Anal. 20(1):25–46.CrossrefGoogle Scholar
  • Haislip J, Lim J, Pinsker R (2021) The impact of executives’ IT expertise on reported data security breaches. Inform. Systems Res. 32(2):318–334.LinkGoogle Scholar
  • Higgs JL, Pinsker RE, Smith TJ, Young GR (2016) The relationship between board-level technology committees and reported security breaches. J. Inform. Systems 30(3):79–98.CrossrefGoogle Scholar
  • IBM (2024) Cost of data breach report 2024. Accessed July 21, 2025, https://www.ibm.com/reports/data-breach.Google Scholar
  • Johnson M (2020) Five compelling reasons why CIOs should pursue board seats now. CIO (October 1), https://www.cio.com/article/194057/5-compelling-reasons-why-cios-should-pursue-board-seats-now.html.Google Scholar
  • Johnson V, Torres R, Maurer C, Guerra K, Srivastava S (2023) The 2022 SIM IT issues and trends study. MIS Quart. Executive 22(1):6.Google Scholar
  • Kappelman L, Johnson V, Torres R, Maurer C, McLean E (2019) A study of information systems issues, practices, and leadership in Europe. Eur. J. Inform. Systems 28(1):26–42.CrossrefGoogle Scholar
  • Kettles D, Mazzola D, Richardson B (2024) The path to becoming a fortune 500 CIO. MIS Quart. Executive 23(2):213–234.Google Scholar
  • Khan S (2019) CFO outside directorship and financial misstatements. Accounting Horizons 33(4):59–75.CrossrefGoogle Scholar
  • Khan S, Mauldin E (2021) Benefit or burden? A comparison of CFO and CEO outside directorships. J. Bus. Finance Accounting 48(7–8):1175–1214.CrossrefGoogle Scholar
  • Kim SH, Kwon J (2019) How do EHRs and a meaningful use initiative affect breaches of patient information? Inform. Systems Res. 30(4):1184–1202.LinkGoogle Scholar
  • Kim J-B, Wang C, Wu F (2024) Privacy breaches and the effect of customer notification. MIS Quart. 48(4):1483–1502.CrossrefGoogle Scholar
  • Kitchens B, Kumar A, Pathak P (2018) Electronic markets and geographic competition among small, local firms. Inform. Systems Res. 29(4):928–946.LinkGoogle Scholar
  • Kwon J, Johnson ME (2014) Proactive versus reactive security investments in the healthcare sector. MIS Quart. 38(2):451–471.CrossrefGoogle Scholar
  • Kwon J, Johnson ME (2018) Meaningful healthcare security: Does meaningful-use attestation improve information security performance? MIS Quart. 42(4):1043–1068.CrossrefGoogle Scholar
  • Kwon J, Ulmer JR, Wang T (2013) The association between top management involvement and compensation and information security breaches. J. Inform. Systems 27(1):219–236.CrossrefGoogle Scholar
  • Lamb NH, Roundy P (2016) The “ties that bind” board interlocks research: A systematic review. Management Res. Rev. 39(11):1516–1542.CrossrefGoogle Scholar
  • Lee K, Jin Q, Animesh A, Ramaprasad J (2022) Impact of ride-hailing services on transportation mode choices: Evidence from traffic and transit ridership. MIS Quart. 46(4):1875–1900.CrossrefGoogle Scholar
  • Li H, Yoo S (2024) Information systems sourcing strategies and organizational cybersecurity breaches. IEEE Trans. Engrg. Management 71:481–490.CrossrefGoogle Scholar
  • Li WW, Leung ACM, Yue WT (2023) Where is IT in information security? The interrelationship among IT investment, security awareness, and data breaches. MIS Quart. 47(1):317–342.CrossrefGoogle Scholar
  • Li Z, Lee G, Raghu TS, Shi ZM (2024) Impact of the GDPR on the global mobile app market: Digital trade implications of data protection and privacy regulations. Inform. Systems Res. 36(2):669–689.LinkGoogle Scholar
  • Liu X, Pinsonneault A, Qu WG, Dong JQ (2024) Board interlocks with information technology firms and innovation outcomes: A resource dependence perspective. J. Management Inform. Systems 41(3):812–838.CrossrefGoogle Scholar
  • Lowry MR, Vance A, Vance MD (2025) Inexpert supervision: Field evidence on boards’ oversight of cybersecurity. Management Sci., ePub ahead of print May 23, https://doi.org/10.1287/mnsc.2023.04147.LinkGoogle Scholar
  • Ma Z, Shi L, Yu K, Zhou N (2024) Director interlocks: Information transfer in board networks. Encyclopedia 4(1):117–124.CrossrefGoogle Scholar
  • McMullin JL, Schonberger B (2020) Entropy-balanced accruals. Rev. Accounting Stud. 25(1):84–119.CrossrefGoogle Scholar
  • Mehrizi MHR, Nicolini D, Model JR (2022) How do organizations learn from information systems incidents? A synthesis of the past, present, and future. MIS Quart. 46(1):531–590.CrossrefGoogle Scholar
  • Ocasio W (1997) Towards an attention-based view of the firm. Strategic Management J. 18(S1):187–206.CrossrefGoogle Scholar
  • Ozer GT, Greenwood BN, Gopal A (2023) Digital multisided platforms and women’s health: An empirical analysis of peer-to-peer lending and abortion rates. Inform. Systems Res. 34(1):223–252.LinkGoogle Scholar
  • Page R (2023) Examining the CIO time management dilemma. CIO (January 25), https://www.cio.com/article/419707/examining-the-cio-time-management-dilemma.html.Google Scholar
  • Parenty TJ, Domet JJ (2020) A Leader’s Guide to Cybersecurity: Why Boards Need to Lead—And How to Do It (Harvard Business Review Press, Boston).Google Scholar
  • Perry T, Peyer U (2005) Board seat accumulation by executives: A shareholder’s perspective. J. Finance 60(4):2083–2123.CrossrefGoogle Scholar
  • Proudfoot JG, Cram WA, Madnick S, Coden M (2023) The importance of board member actions for cybersecurity governance and risk management. MIS Quart. Executive 22(4):235–250.CrossrefGoogle Scholar
  • Ramsawak R, Buertey S, Maheshwari G, Dang D, Phan CT (2024) Interlocking boards and firm outcomes: A review. Management Decision 62(4):1291–1322.CrossrefGoogle Scholar
  • Reilly D (2022) How the board can help in the fight against cybersecurity threats. Fortune (June 22), https://fortune.com/2022/06/22/modern-board-cybersecurity-threats-attacks/.Google Scholar
  • Rosenstein S, Wyatt JG (1994) Shareholder wealth effects when an officer of one corporation joins the board of directors of another. Managerial Decision Econom. 15(4):317–327.CrossrefGoogle Scholar
  • Sahin Z, Vance A (2025) What do we need to know about the chief information security officer? A literature review and research agenda. Comput. Security 148:104063.CrossrefGoogle Scholar
  • Saldanha TJ, Andrade-Rojas MG, Kathuria A, Khuntia J, Krishnan MS (2024) How the locus of uncertainty shapes the influence of CEO long-term compensation on information technology capital investments. MIS Quart. 48(2):459–490.CrossrefGoogle Scholar
  • Saldanha TJ, Sahaym A, Mithas S, Andrade-Rojas MG, Kathuria A, Lee HH (2020) Turning liabilities of global operations into assets: IT-enabled social integration capacity and exploratory innovation. Inform. Systems Res. 31(2):361–382.LinkGoogle Scholar
  • SEC (2023) Final rule: Cybersecurity risk management, strategy, governance, and incident disclosure. Accessed August 5, 2023, https://www.sec.gov/files/rules/final/2023/33-11216.pdf.Google Scholar
  • Sen R, Borle S (2015) Examining the contextual risk of data breach: An empirical study. J. Management Inform. Systems 32(2):314–341.CrossrefGoogle Scholar
  • Smith T, Tadesse AF, Vincent NE (2021) The impact of CIO characteristics on data breaches. Internat. J. Accounting Inform. Systems 43:100532.CrossrefGoogle Scholar
  • Song J, Almedia P, Wu G (2003) Learning-by-hiring: When is mobility more likely to facilitate interfirm knowledge transfer? Management Sci. 49(4):351–365.LinkGoogle Scholar
  • Srinivasan S, Payne LS, Goyal N (2019a) Cyber breach at Target. HBR Case 117-027, Harvard Business School, Boston.Google Scholar
  • Srinivasan S, Pitcher Q, Goldberg JS (2019b) Data breach at Equifax. HBR Case 9-118-031, Harvard Business School, Boston.Google Scholar
  • Stephenson C, Olson N (2017) Why CIOs make great board directors. Harvard Bus. Rev. (March 15), https://hbr.org/2017/03/why-cios-make-great-board-directors.Google Scholar
  • Tang C, Li S, Ding Y, Gopal RD, Zhang G (2024) Racial discrimination and anti-discrimination: The COVID-19 pandemic’s impact on Chinese restaurants in North America. Inform. Systems Res. 35(3):1274–1295.LinkGoogle Scholar
  • Tzabbar D, Silverman BS, Aharonson BS (2015) Learning by hiring or hiring to avoid learning? J. Management Psych. 30(5):550–564.Google Scholar
  • Wang Q, Ngai EWT, Pienta D, Thatcher JB (2023) Information technology innovativeness and data breach risk: A longitudinal study. J. Management Inform. Systems 43(4):1139–1170.CrossrefGoogle Scholar
  • Xue L, Ray G, Zhao X (2017) Managerial incentives and IT strategic posture. Inform. Systems Res. 28(1):180–198.LinkGoogle Scholar
  • Zhang Z, Mount MP, Zhang SX (2025) A database of chief financial officer turnover and dismissal in S&P 500 firms, 2000-2022. Strategic Management J. 46(5):1293–1321.CrossrefGoogle Scholar
  • Zhu JJ, Tuo L, Thomson M (2024) A preemptive and curative solution to mitigate data breaches: The double-layer of protection from corporate social responsibility. J. Marketing Res. 61(4):778–801.CrossrefGoogle Scholar
  • Zukis B (2019) Why CIOs make the perfect corporate board members. Forbes (April 22), https://www.forbes.com/sites/bobzukis/2019/04/22/why-cios-make-the-perfect-corporate-board-members/.Google Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree