IDEAS home Printed from https://ideas.repec.org/a/eee/ijoais/v43y2021ics1467089521000348.html
   My bibliography  Save this article

The impact of CIO characteristics on data breaches

Author

Listed:
  • Smith, Thomas
  • Tadesse, Amanuel F.
  • Vincent, Nishani Edirisinghe

Abstract

The exponential rate of increase in IT security breach incidents has led governments, regulators, and practitioners to respond by introducing standards and frameworks for the disclosure and management of organizational cybersecurity risk exposure. Cybersecurity, which is a part of IT risk management, is affected by the capability and the ability of senior leadership responsible for IT-related decisions. This paper uses hand-collected data related to the Chief Information Officer (CIO) for S&P 500 firms and explores whether the presence of a CIO role, human capital characteristics of the CIO, and structural capital characteristics of the firm and the CIO are related to a firm’s cybersecurity risk exposure. This study finds that firms disclosing the presence of a CIO are more likely to be breached, even after matching on the likelihood of a breach and controlling for the likelihood that a firm would choose to disclose a CIO. This study also finds predictable variations in the likelihood of a breach among CIOs based on various human capital dimensions (including past technology experience, external board memberships, firm tenure, and CIO tenure) and structural capital dimensions (including a recognized commitment to IT and charging the CIO with multiple responsibilities). Finally, this study finds evidence that the observed associations depend on both the source of the breach (external vs. internal) as well as the type of data compromised by the breach (e.g. financial, personal, etc.). The results of this study contribute to the growing body of academic breach literature, while also informing practitioners as they evaluate the costs and benefits of various methods for combating breaches.

Suggested Citation

  • Smith, Thomas & Tadesse, Amanuel F. & Vincent, Nishani Edirisinghe, 2021. "The impact of CIO characteristics on data breaches," International Journal of Accounting Information Systems, Elsevier, vol. 43(C).
  • Handle: RePEc:eee:ijoais:v:43:y:2021:i:c:s1467089521000348
    DOI: 10.1016/j.accinf.2021.100532
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089521000348
    Download Restriction: Full text for ScienceDirect subscribers only

    File URL: https://libkey.io/10.1016/j.accinf.2021.100532?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Donkers, Bas & Melenberg, Bertrand & Van Soest, Arthur, 2001. "Estimating Risk Attitudes Using Lotteries: A Large Sample Approach," Journal of Risk and Uncertainty, Springer, vol. 22(2), pages 165-195, March.
    2. Li, Yan & Tan, Chuan-Hoo, 2013. "Matching business strategy and CIO characteristics: The impact on organizational performance," Journal of Business Research, Elsevier, vol. 66(2), pages 248-259.
    3. repec:zbw:bofrdp:2018_005 is not listed on IDEAS
    4. Kenneth R. MacCrimmon & Donald A. Wehrung, 1990. "Characteristics of Risk Taking Executives," Management Science, INFORMS, vol. 36(4), pages 422-435, April.
    5. Wallace Davidson & Carol Nemec & Dan Worrell, 2006. "Determinants of CEO Age at Succession," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 10(1), pages 35-57, March.
    6. Becker, Gary S, 1993. "Nobel Lecture: The Economic Way of Looking at Behavior," Journal of Political Economy, University of Chicago Press, vol. 101(3), pages 385-409, June.
    7. Thomas Dohmen & Armin Falk & David Huffman & Uwe Sunde & Jürgen Schupp & Gert G. Wagner, 2011. "Individual Risk Attitudes: Measurement, Determinants, And Behavioral Consequences," Journal of the European Economic Association, European Economic Association, vol. 9(3), pages 522-550, June.
    8. Feng, Mei & Li, Chan & McVay, Sarah, 2009. "Internal control and management guidance," Journal of Accounting and Economics, Elsevier, vol. 48(2-3), pages 190-209, December.
    9. Feng, Cecilia (Qian) & Wang, Tawei, 2019. "Does CIO risk appetite matter? Evidence from information security breach incidents," International Journal of Accounting Information Systems, Elsevier, vol. 32(C), pages 59-75.
    10. Lutz Hendricks, 2002. "How Important Is Human Capital for Development? Evidence from Immigrant Earnings," American Economic Review, American Economic Association, vol. 92(1), pages 198-219, March.
    11. Wang, Tawei & Hsu, Carol, 2013. "Board composition and operational risk events of financial institutions," Journal of Banking & Finance, Elsevier, vol. 37(6), pages 2042-2051.
    12. Cohn, Richard A, et al, 1975. "Individual Investor Risk Aversion and Investment Portfolio Composition," Journal of Finance, American Finance Association, vol. 30(2), pages 605-620, May.
    13. Haislip, Jacob Z. & Masli, Adi & Richardson, Vernon J. & Watson, Marcia Weidenmier, 2015. "External reputational penalties for CEOs and CFOs following information technology material weaknesses," International Journal of Accounting Information Systems, Elsevier, vol. 17(C), pages 1-15.
    14. Humayun Zafar & Myung S. Ko & Kweku-Muata Osei-Bryson, 2016. "The value of the CIO in the top management team on performance in the case of information security breaches," Information Systems Frontiers, Springer, vol. 18(6), pages 1205-1215, December.
    15. Honkapohja, Seppo & Mitra, Kaushik, 2020. "Price level targeting with evolving credibility," Journal of Monetary Economics, Elsevier, vol. 116(C), pages 88-103.
    16. Yim, Soojin, 2013. "The acquisitiveness of youth: CEO age and acquisition behavior," Journal of Financial Economics, Elsevier, vol. 108(1), pages 250-273.
    17. Heckman, James, 2013. "Sample selection bias as a specification error," Applied Econometrics, Russian Presidential Academy of National Economy and Public Administration (RANEPA), vol. 31(3), pages 129-137.
    18. Oecd, 2018. "How is the tertiary-educated population evolving?," Education Indicators in Focus 61, OECD Publishing.
    19. Bruce Kogut & Udo Zander, 1996. "What Firms Do? Coordination, Identity, and Learning," Organization Science, INFORMS, vol. 7(5), pages 502-518, October.
    20. Zeki Simsek, 2007. "CEO tenure and organizational performance: an intervening model," Strategic Management Journal, Wiley Blackwell, vol. 28(6), pages 653-662, June.
    21. M. Díaz-Fernández & M. González-Rodríguez & Biagio Simonetti, 2015. "Top Management Teams’ demographic characteristics and their influence on strategic change," Quality & Quantity: International Journal of Methodology, Springer, vol. 49(3), pages 1305-1322, May.
    22. Huang, Jiekun & Kisgen, Darren J., 2013. "Gender and corporate finance: Are male executives overconfident relative to female executives?," Journal of Financial Economics, Elsevier, vol. 108(3), pages 822-839.
    23. Ulrike Malmendier & Geoffrey Tate & Jon Yan, 2011. "Overconfidence and Early‐Life Experiences: The Effect of Managerial Traits on Corporate Financial Policies," Journal of Finance, American Finance Association, vol. 66(5), pages 1687-1733, October.
    24. Faccio, Mara & Marchica, Maria-Teresa & Mura, Roberto, 2016. "CEO gender, corporate risk-taking, and the efficiency of capital allocation," Journal of Corporate Finance, Elsevier, vol. 39(C), pages 193-209.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Zhang, Yimei & Smith, Thomas, 2023. "The impact of customer firm data breaches on the audit fees of their suppliers," International Journal of Accounting Information Systems, Elsevier, vol. 50(C).
    2. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    3. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    4. Habib Saragih, Arfah & Ali, Syaiful & Suwardi, Eko & Utomo, Hargo, 2024. "Finding the missing pieces to an optimal corporate tax savings: Information technology governance and internal information quality," International Journal of Accounting Information Systems, Elsevier, vol. 52(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Hamid Boustanifar & Edward J. Zajac & Flladina Zilja, 2022. "Taking chances? The effect of CEO risk propensity on firms’ risky internationalization decisions," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 53(2), pages 302-325, March.
    2. Feng, Cecilia (Qian) & Wang, Tawei, 2019. "Does CIO risk appetite matter? Evidence from information security breach incidents," International Journal of Accounting Information Systems, Elsevier, vol. 32(C), pages 59-75.
    3. Liu, Yin & Neely, Pamela & Karim, Khondkar, 2022. "The impact of CFO gender on corporate overinvestment," Advances in accounting, Elsevier, vol. 57(C).
    4. Jarkko Peltomäki & Jukka Sihvonen & Steve Swidler & Sami Vähämaa, 2021. "Age, gender, and risk‐taking: Evidence from the S&P 1500 executives and market‐based measures of firm risk," Journal of Business Finance & Accounting, Wiley Blackwell, vol. 48(9-10), pages 1988-2014, October.
    5. Sah, Nilesh B., 2021. "Cash is Queen: Female CEOs’ propensity to hoard cash," Journal of Behavioral and Experimental Finance, Elsevier, vol. 29(C).
    6. Ismail, Ahmad & Mavis, Christos P., 2022. "A new method for measuring CEO overconfidence: Evidence from acquisitions," International Review of Financial Analysis, Elsevier, vol. 79(C).
    7. R. Øystein Strøm & Bert D’Espallier & Roy Mersland, 2023. "Female Leaders and Financial Inclusion: Evidence from Microfinance Institutions," Review of Corporate Finance, now publishers, vol. 3(1-2), pages 69-97, May.
    8. Zilja, Flladina & Benito, Gabriel R.G. & Boustanifar, Hamid & Zhang, Dan, 2023. "CEO wealth and cross-border acquisitions by SMEs," International Business Review, Elsevier, vol. 32(6).
    9. Young Zik Shin & Jeung-Yoon Chang & Kyeongmin Jeon & Hyunpyo Kim, 2020. "Female directors on the board and investment efficiency: evidence from Korea," Asian Business & Management, Palgrave Macmillan, vol. 19(4), pages 438-479, September.
    10. Frye, Melissa B. & Pham, Duong T., 2018. "CEO gender and corporate board structures," The Quarterly Review of Economics and Finance, Elsevier, vol. 69(C), pages 110-124.
    11. Malmendier, Ulrike M. & Pezone, Vincenzo & Zheng, Hui, 2020. "Managerial Duties and Managerial Biases," CEPR Discussion Papers 14929, C.E.P.R. Discussion Papers.
    12. Xin Liu, 2020. "Impression management against early dismissal? CEO succession and corporate social responsibility," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 27(2), pages 999-1016, March.
    13. Han, Yu & Chi, Wei & Zhou, Jinyi, 2022. "Prosocial imprint: CEO childhood famine experience and corporate philanthropic donation," Journal of Business Research, Elsevier, vol. 139(C), pages 1604-1618.
    14. Tung Nguyen & Dimitris Petmezas & Nikolaos Karampatsas, 2023. "Does Terrorism Affect Acquisitions?," Management Science, INFORMS, vol. 69(7), pages 4134-4168, July.
    15. Wang, Xu & Deng, Shengliang & Alon, Ilan, 2021. "Women executives and financing pecking order of GEM-listed companies: Moderating roles of social capital and regional institutional environment," Journal of Business Research, Elsevier, vol. 136(C), pages 466-478.
    16. Shen, Huayu & Xiong, Hao & Zheng, Shaofeng & Hou, Fei, 2021. "Chief executive officer (CEO)’s rural origin and internal control quality," Economic Modelling, Elsevier, vol. 95(C), pages 441-452.
    17. Lin, Tse-Chun & Pursiainen, Vesa, 2023. "Gender differences in reward-based crowdfunding," Journal of Financial Intermediation, Elsevier, vol. 53(C).
    18. Chen, Xiao & Huang, Bihong & Ye, Dezhu, 2020. "Gender gap in peer-to-peer lending: Evidence from China," Journal of Banking & Finance, Elsevier, vol. 112(C).
    19. Kelvin K. F. Law & Lillian F. Mills, 2017. "Military experience and corporate tax avoidance," Review of Accounting Studies, Springer, vol. 22(1), pages 141-184, March.
    20. Datta, Sudip & Doan, Trang & Toscano, Francesca, 2023. "Top executive gender, corporate culture, and the value of corporate cash holdings," Journal of Financial Stability, Elsevier, vol. 67(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijoais:v:43:y:2021:i:c:s1467089521000348. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-accounting-information-systems/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.