4.3 Article

The impact of CIO characteristics on data breaches

INTERNATIONAL JOURNAL OF ACCOUNTING INFORMATION SYSTEMS (2021)

Get Full Text
Add to Collection

Journal

INTERNATIONAL JOURNAL OF ACCOUNTING INFORMATION SYSTEMS
Volume 43, Issue -, Pages -

Publisher

ELSEVIER
DOI: 10.1016/j.accinf.2021.100532

Keywords

Cybersecurity; Chief information officer; CIO characteristics; Human capital; Structural capital

Categories

Business Business, Finance Management

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

This study explores the role of Chief Information Officers (CIOs) in cybersecurity risk exposure, finding that firms disclosing the presence of a CIO are more likely to be breached. The research also reveals the impact of human and structural capital characteristics of CIOs on cybersecurity risk.
The exponential rate of increase in IT security breach incidents has led governments, regulators, and practitioners to respond by introducing standards and frameworks for the disclosure and management of organizational cybersecurity risk exposure. Cybersecurity, which is a part of IT risk management, is affected by the capability and the ability of senior leadership responsible for IT-related decisions. This paper uses hand-collected data related to the Chief Information Officer (CIO) for S&P 500 firms and explores whether the presence of a CIO role, human capital characteristics of the CIO, and structural capital characteristics of the firm and the CIO are related to a firm's cybersecurity risk exposure. This study finds that firms disclosing the presence of a CIO are more likely to be breached, even after matching on the likelihood of a breach and controlling for the likelihood that a firm would choose to disclose a CIO. This study also finds predictable variations in the likelihood of a breach among CIOs based on various human capital dimensions (including past technology experience, external board memberships, firm tenure, and CIO tenure) and structural capital dimensions (including a recognized commitment to IT and charging the CIO with multiple responsibilities). Finally, this study finds evidence that the observed associations depend on both the source of the breach (external vs. internal) as well as the type of data compromised by the breach (e.g. financial, personal, etc.). The results of this study contribute to the growing body of academic breach literature, while also informing practitioners as they evaluate the costs and benefits of various methods for combating breaches.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.3
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available
Webinars Posters Questions Hubs Funding Journals Papers Connect Collections Reviewers About Us FAQs Mobile App Privacy Policy Terms of Use
© Peeref 2019-2024. All rights reserved.