Paper Number
ECIS2026-1827
Paper Type
CRP
Abstract
Artificial intelligence has become a strategic cornerstone of organizational transformation, offering the potential to enhance cybersecurity while introducing new risks. Drawing on Agency Theory, we develop a framework that distinguishes between an Autonomous AI strategy and an Advisory AI strategy. Using a large language model-based classification of job postings linked to panel data on 3,006 U.S. firms, we empirically examine how these two AI strategies impact data breach risks. We find that an Autonomous AI strategy increases breach risk, whereas an Advisory AI strategy reduces it. Furthermore, greater AI deployment depth amplifies the effects of both strategies—intensifying risk under Autonomous AI while strengthening the protective benefits of Advisory AI. Moreover, stronger AI governance does not offset the risks of Autonomous AI but further enhances the security benefits of Advisory AI. These findings demonstrate that the security implications of AI depend critically on how decision authority is structured within organizations.
Recommended Citation
Srinivas, Santhosh and Zhang, Leting, "How Human-AI Decision Rights Shape Cybersecurity: Empirical Evidence On Data Breaches" (2026). ECIS 2026 Proceedings. 10.
https://aisel.aisnet.org/ecis2026/security/security/10
How Human-AI Decision Rights Shape Cybersecurity: Empirical Evidence On Data Breaches