Organizations’ growing exposure to IT operational risk, or the risk of failures of operational IT systems, could translate into significant losses. Despite this, there are notable theoretical and empirical gaps in the literature on IT operational risk. We propose the “resource weaknesses” framework, which extends the resource-based theory of the firm, as a theoretical lens for investigating IT operational risk and its impacts. We also theorize about and empirically examine the impact differences of two categories of IT operational failures: ones resulting in the disclosure, misuse, or destruction of data assets, and ones resulting in the loss of availability or the mis-operation of functional IT assets responsible for the handling of data assets. Whereas the former, data-related failures have had some coverage in the literature, little is known about the latter, function-related failures. We apply an event study analysis with a well-balanced data set of IT operational failure events that occurred in U.S. financial service firms over a 25-year period. We find that function-related events have a substantially larger negative wealth effect than data-related events, and that firm characteristics such as firm size and growth potential greatly influence the degree of wealth effect. We conclude with important implications for practice and research.
Goldstein, James; Chernobai, Anna; and Benaroch, Michel
"An Event Study Analysis of the Economic Impact of IT Operational Risk and its Subcategories,"
Journal of the Association for Information Systems, 12(9), .
Available at: https://aisel.aisnet.org/jais/vol12/iss9/1