The value of the CIO in the top management team on performance in the case of information security breaches

This study investigates whether presence of a CIO in the top management team (TMT) is an important indicator for better management of information, especially when an organization is involved in an information security breach incident. Using Upper Echelons Theory, our study relates the status of the CIO in an organization to organizational performance in the case of information security breaches using Tobin's q. We argue that when an organization experiences an information security breach, the organization that has the CIO in the TMT can recover any damages or losses from the security breach incident quicker than the organization that does not. We categorize security breach incidents using the confidentiality, integrity, and availability (CIA) triad (Solomon and Chapple 2005), and conclude that having the CIO in the TMT has a significant positive impact on firm performance in the aftermath of security breach incidents. However, the degree of impact on performance varies, depending on the type of security breach.