Paper Number

1345

Paper Type

Short

Abstract

While prior studies in Information Systems have recognized the important role of human factors in influencing cybersecurity risks, the focus has primarily been on a few high-ranking individuals within the organizations, such as Chief Information Officers. Our study diverges by adopting a comprehensive perspective, highlighting the important role played by employees across all hierarchical levels within the organization. Specifically, we investigate whether the turnover of employees engaged in IT-related tasks (i.e., IT employees) across all levels affects a firm’s cybersecurity risks. Using a deep learning technique, we identify all IT employees based on their job titles. Our empirical results show that there is a positive correlation between IT employee turnover and the likelihood of a firm experiencing data breaches. Further analysis reveals that recruiting new IT employees cannot mitigate the negative impact. Our study has both theoretical and practical implications for cybersecurity risk management.

Comments

06-Security

Share

COinS
Best Paper Nominee badge
 
Dec 15th, 12:00 AM

From Departure to Breach: The Impact of IT Employee Turnover on Cybersecurity Risks

While prior studies in Information Systems have recognized the important role of human factors in influencing cybersecurity risks, the focus has primarily been on a few high-ranking individuals within the organizations, such as Chief Information Officers. Our study diverges by adopting a comprehensive perspective, highlighting the important role played by employees across all hierarchical levels within the organization. Specifically, we investigate whether the turnover of employees engaged in IT-related tasks (i.e., IT employees) across all levels affects a firm’s cybersecurity risks. Using a deep learning technique, we identify all IT employees based on their job titles. Our empirical results show that there is a positive correlation between IT employee turnover and the likelihood of a firm experiencing data breaches. Further analysis reveals that recruiting new IT employees cannot mitigate the negative impact. Our study has both theoretical and practical implications for cybersecurity risk management.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.