Start Date
16-8-2018 12:00 AM
Description
Facing an increasing information security threat, companies react by engaging in various counter-breach initiatives. The business value of such initiatives is under-studied. This paper utilizes an organizational legitimacy view, overlaid by behavioral theory of the firm (BTOF), to examine whether counter-breach initiatives are rewarded by the market, and whether the magnitude of such rewards depends on the institutional environment. Based on a dataset of 3,212 observations from 2005 to 2015, and focusing on counter-breach initiatives that are revealed in public announcements and/or emphasized in annual reports, the results unfold an overall significant positive effect of counter-breach initiatives on Tobin’s q and future return on assets. The findings reveal that this effect is more pronounced for breached firms in low-risk industries and un-breached firms in high-risk industries. This paper contributes to the information security literature by showing the positivity, as well as institutional heterogeneity, of the business value of counter-breach initiatives. \ \ Keywords: Information security; counter-breach initiative; annual report; public announcement; Tobin's q
Recommended Citation
Havakhor, Taha; Zhang, Tianjian; and Hammer, Bryan, "The Business Value of Engaging in Counter-Breach Initiatives" (2018). AMCIS 2018 Proceedings. 4.
https://aisel.aisnet.org/amcis2018/Security/Presentations/4
The Business Value of Engaging in Counter-Breach Initiatives
Facing an increasing information security threat, companies react by engaging in various counter-breach initiatives. The business value of such initiatives is under-studied. This paper utilizes an organizational legitimacy view, overlaid by behavioral theory of the firm (BTOF), to examine whether counter-breach initiatives are rewarded by the market, and whether the magnitude of such rewards depends on the institutional environment. Based on a dataset of 3,212 observations from 2005 to 2015, and focusing on counter-breach initiatives that are revealed in public announcements and/or emphasized in annual reports, the results unfold an overall significant positive effect of counter-breach initiatives on Tobin’s q and future return on assets. The findings reveal that this effect is more pronounced for breached firms in low-risk industries and un-breached firms in high-risk industries. This paper contributes to the information security literature by showing the positivity, as well as institutional heterogeneity, of the business value of counter-breach initiatives. \ \ Keywords: Information security; counter-breach initiative; annual report; public announcement; Tobin's q