Start Date

16-8-2018 12:00 AM

Description

Facing an increasing information security threat, companies react by engaging in various counter-breach initiatives. The business value of such initiatives is under-studied. This paper utilizes an organizational legitimacy view, overlaid by behavioral theory of the firm (BTOF), to examine whether counter-breach initiatives are rewarded by the market, and whether the magnitude of such rewards depends on the institutional environment. Based on a dataset of 3,212 observations from 2005 to 2015, and focusing on counter-breach initiatives that are revealed in public announcements and/or emphasized in annual reports, the results unfold an overall significant positive effect of counter-breach initiatives on Tobin’s q and future return on assets. The findings reveal that this effect is more pronounced for breached firms in low-risk industries and un-breached firms in high-risk industries. This paper contributes to the information security literature by showing the positivity, as well as institutional heterogeneity, of the business value of counter-breach initiatives. \ \ Keywords: Information security; counter-breach initiative; annual report; public announcement; Tobin's q

Share

COinS
 
Aug 16th, 12:00 AM

The Business Value of Engaging in Counter-Breach Initiatives

Facing an increasing information security threat, companies react by engaging in various counter-breach initiatives. The business value of such initiatives is under-studied. This paper utilizes an organizational legitimacy view, overlaid by behavioral theory of the firm (BTOF), to examine whether counter-breach initiatives are rewarded by the market, and whether the magnitude of such rewards depends on the institutional environment. Based on a dataset of 3,212 observations from 2005 to 2015, and focusing on counter-breach initiatives that are revealed in public announcements and/or emphasized in annual reports, the results unfold an overall significant positive effect of counter-breach initiatives on Tobin’s q and future return on assets. The findings reveal that this effect is more pronounced for breached firms in low-risk industries and un-breached firms in high-risk industries. This paper contributes to the information security literature by showing the positivity, as well as institutional heterogeneity, of the business value of counter-breach initiatives. \ \ Keywords: Information security; counter-breach initiative; annual report; public announcement; Tobin's q