Start Date
10-12-2017 12:00 AM
Description
Prior research on information security management often considers information security as an operational decision instead of a strategic decision, and there is a lack of empirical research that uses archival data to examine cybersecurity breaches. We study how two important strategic decisions with regard to information systems – IT centralization, and the outsourcing of information security – affect the likelihood of cybersecurity breaches by using a sample of 505 U.S. higher education institutions over a 4-year period. We find that a university with centralized IT decision making is associated with fewer cybersecurity breaches. Interestingly, the effect of centralized IT governance is contingent on the complexity of a university’s computing environment – schools with sophisticated IT infrastructure benefit more from centralized governance. In addition, we find that, after correcting for self-selection bias, universities that opt for outsourcing their information security have a lower likelihood of suffering from a cybersecurity breach.
Recommended Citation
Liu, Che-Wei; Huang, Peng; and Lucas, Henry, "IT Centralization, Security Outsourcing, and Cybersecurity Breaches: Evidence from the U.S. Higher Education" (2017). ICIS 2017 Proceedings. 1.
https://aisel.aisnet.org/icis2017/Security/Presentations/1
IT Centralization, Security Outsourcing, and Cybersecurity Breaches: Evidence from the U.S. Higher Education