The impact of CIO characteristics on data breaches |
| |
| Affiliation: | 1. Associate Professor of Accounting, University of South Florida, 4202 E Fowler Avenue, Tampa, FL 33620, USA;2. Associate Professor of Accounting, University of New Orleans, 2000 Lakeshore Drive, New Orleans, LA 70148, USA;3. Associate Professor of Accounting, The University of Tennessee at Chattanooga, 615 McCallie Avenue, Chattanooga, TN 37403, USA;1. University of Northern Colorado, United States;2. University of Northern Colorado and Monash University, United States and Australia;3. Oregon State University, United States;4. Virginia Commonwealth University, United States;1. NHH Norwegian School of Economics, Norway; University of Central Florida, Unites States;2. University of Melbourne, Australia;1. Kate Tiedemann College of Business, University of South Florida-St. Petersburg, St. Petersburg, FL 33701, USA;2. College of Business, Texas A&M University-Corpus Christi, Corpus Christi, TX 78412, USA;3. School of Economics and Business, State University of New York at Oneonta, Oneonta, NY 13820, USA;1. College of Business Administration, University of Seoul, Seoulsiripdaero 163, Dongdaemun-gu, Seoul 02504, South Korea;2. Shidler College of Business, University of Hawaii at Manoa, 2404 Maile Way, Honolulu, HI 96822, United States;3. School of Management, Clark University, 950 Main Street, Worcester, MA 01610, United States;1. Suncheon Jeil College, Republic of Korea;2. Honam University, Republic of Korea;3. Chonnam National University, Republic of Korea |
| |
| Abstract: | The exponential rate of increase in IT security breach incidents has led governments, regulators, and practitioners to respond by introducing standards and frameworks for the disclosure and management of organizational cybersecurity risk exposure. Cybersecurity, which is a part of IT risk management, is affected by the capability and the ability of senior leadership responsible for IT-related decisions. This paper uses hand-collected data related to the Chief Information Officer (CIO) for S&P 500 firms and explores whether the presence of a CIO role, human capital characteristics of the CIO, and structural capital characteristics of the firm and the CIO are related to a firm’s cybersecurity risk exposure. This study finds that firms disclosing the presence of a CIO are more likely to be breached, even after matching on the likelihood of a breach and controlling for the likelihood that a firm would choose to disclose a CIO. This study also finds predictable variations in the likelihood of a breach among CIOs based on various human capital dimensions (including past technology experience, external board memberships, firm tenure, and CIO tenure) and structural capital dimensions (including a recognized commitment to IT and charging the CIO with multiple responsibilities). Finally, this study finds evidence that the observed associations depend on both the source of the breach (external vs. internal) as well as the type of data compromised by the breach (e.g. financial, personal, etc.). The results of this study contribute to the growing body of academic breach literature, while also informing practitioners as they evaluate the costs and benefits of various methods for combating breaches. |
| |
| Keywords: | Cybersecurity Chief information officer CIO characteristics Human capital Structural capital |
| 本文献已被 ScienceDirect 等数据库收录! |
|
