IDEAS home Printed from https://ideas.repec.org/a/inm/orisre/v32y2021i2p318-334.html
   My bibliography  Save this article

The Impact of Executives’ IT Expertise on Reported Data Security Breaches

Author

Listed:
  • Jacob Haislip

    (School of Accounting, Rawls College of Business, Texas Tech University, Lubbock, Texas 79409)

  • Jee-Hae Lim

    (School of Accountancy, University of Hawaii, Manoa, Honolulu, Hawaii 96822)

  • Robert Pinsker

    (School of Accounting, Florida Atlantic University, Boca Raton, Florida 33431)

Abstract

Data security breaches (DSBs) are increasing investor and regulator pressure on firms to improve their IT governance (ITG) in an effort to mitigate the related risk. Drawing on upper echelon theory, we argue that DSB risk cannot be mitigated by one executive alone, but, rather, is a shared leadership responsibility of the top management team (TMT; i.e., Chief Executive Officer (CEO), Chief Financial Officer (CFO), and Chief Information Officer (CIO)). By examining a sample of DSBs from 2005 to 2017, our study finds that CEOs with IT expertise are associated with fewer DSBs, with some evidence of a focus on DSBs containing consumer information. Our evidence also suggests that CFOs with IT expertise are less likely to report a DSB in general, as well as DSBs involving employee information or instigated by a person outside of the firm and, to a weaker extent, DSBs containing consumer information. Further, the presence of a CIO as part of the TMT is significantly associated with reduced DSBs of all types examined. Our results are robust to endogeneity concerns and an alternative propensity score matched sample. This study contributes a granular investigation of DSB risk involving executives with IT expertise that extends the upper echelon and ITG literatures.

Suggested Citation

  • Jacob Haislip & Jee-Hae Lim & Robert Pinsker, 2021. "The Impact of Executives’ IT Expertise on Reported Data Security Breaches," Information Systems Research, INFORMS, vol. 32(2), pages 318-334, June.
    • Handle: RePEc:inm:orisre:v:32:y:2021:i:2:p:318-334
    DOI: 10.1287/isre.2020.0986
    as

    Download full text from publisher

    File URL: http://dx.doi.org/10.1287/isre.2020.0986
    Download Restriction: no
    File URL: https://libkey.io/10.1287/isre.2020.0986?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Hainmueller, Jens, 2012. "Entropy Balancing for Causal Effects: A Multivariate Reweighting Method to Produce Balanced Samples in Observational Studies," Political Analysis, Cambridge University Press, vol. 20(1), pages 25-46, January.
    2. Curtis P. Armstrong & V. Sambamurthy, 1999. "Information Technology Assimilation in Firms: The Influence of Senior Leadership and IT Infrastructures," Information Systems Research, INFORMS, vol. 10(4), pages 304-327, December.
    3. Li, Chan & Sun, Lili & Ettredge, Michael, 2010. "Financial executive qualifications, financial executive turnover, and adverse SOX 404 opinions," Journal of Accounting and Economics, Elsevier, vol. 50(1), pages 93-110, May.
    4. Marianne Bertrand & Antoinette Schoar, 2003. "Managing with Style: The Effect of Managers on Firm Policies," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 118(4), pages 1169-1208.
    5. Feng, Cecilia (Qian) & Wang, Tawei, 2019. "Does CIO risk appetite matter? Evidence from information security breach incidents," International Journal of Accounting Information Systems, Elsevier, vol. 32(C), pages 59-75.
    6. Shroff, Nemit & Verdi, Rodrigo S. & Yost, Benjamin P., 2017. "When does the peer information environment matter?," Journal of Accounting and Economics, Elsevier, vol. 64(2), pages 183-214.
    7. Saim Kashmiri & Cameron Duncan Nicol & Liwu Hsu, 2017. "Birds of a feather: intra-industry spillover of the Target customer data breach and the shielding role of IT, marketing, and CSR," Journal of the Academy of Marketing Science, Springer, vol. 45(2), pages 208-228, March.
    8. Seung Hyun Kim & Juhee Kwon, 2019. "How Do EHRs and a Meaningful Use Initiative Affect Breaches of Patient Information?," Information Systems Research, INFORMS, vol. 30(4), pages 1184-1202, December.
    9. Lim, Jee-Hae & Stratopoulos, Theophanis C. & Wirjanto, Tony S., 2012. "Role of IT executives in the firm's ability to achieve competitive advantage through IT capability," International Journal of Accounting Information Systems, Elsevier, vol. 13(1), pages 21-40.
    10. Sarv Devaraj & Rajiv Kohli, 2003. "Performance Impacts of Information Technology: Is Actual Usage the Missing Link?," Management Science, INFORMS, vol. 49(3), pages 273-289, March.
    11. Joseph V. Terza, 2017. "Two-stage residual inclusion estimation: A practitioners guide to Stata implementation," Stata Journal, StataCorp LP, vol. 17(4), pages 916-938, December.
    12. Geneviève Bassellier & Izak Benbasat & Blaize Horner Reich, 2003. "The Influence of Business Managers' IT Competence on Championing IT," Information Systems Research, INFORMS, vol. 14(4), pages 317-336, December.
    13. Heckman, James, 2013. "Sample selection bias as a specification error," Applied Econometrics, Russian Presidential Academy of National Economy and Public Administration (RANEPA), vol. 31(3), pages 129-137.
    14. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2016. "Mandatory Standards and Organizational Information Security," Information Systems Research, INFORMS, vol. 27(1), pages 70-86, March.
    15. Eli Amir & Shai Levi & Tsafrir Livne, 2018. "Do firms underreport information on cyber-attacks? Evidence from capital markets," Review of Accounting Studies, Springer, vol. 23(3), pages 1177-1206, September.
    16. Sam Ransbotham & Sabyasachi Mitra, 2009. "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise," Information Systems Research, INFORMS, vol. 20(1), pages 121-139, March.
    17. Michael Jensen & Edward J. Zajac, 2004. "Corporate elites and corporate strategy: how demographic preferences and structural position shape the scope of the firm," Strategic Management Journal, Wiley Blackwell, vol. 25(6), pages 507-524, June.
    18. Sabyasachi Mitra & Sam Ransbotham, 2015. "Information Disclosure and the Diffusion of Information Security Attacks," Information Systems Research, INFORMS, vol. 26(3), pages 565-584, September.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Uddin, Mohammad Rajib & Akter, Shahriar & Lee, Wai Jin Thomas, 2024. "Developing a data breach protection capability framework in retailing," International Journal of Production Economics, Elsevier, vol. 271(C).
    2. Jin Li & Wei Xiao & Chong Zhang, 2023. "Data security crisis in universities: identification of key factors affecting data breach incidents," Palgrave Communications, Palgrave Macmillan, vol. 10(1), pages 1-18, December.
    3. Caluwe, Laura & Wilkin, Carla L. & De Haes, Steven & Huygh, Tim, 2024. "Board roles required for IT governance to become an integral component of corporate governance," International Journal of Accounting Information Systems, Elsevier, vol. 54(C).
    4. Guohong, Zheng & Zhongwei, Xia & Feng, He & Zhongyi, Xiao, 2025. "The audit committee’s IT expertise and its impact on the disclosure of cybersecurity risk," Research in International Business and Finance, Elsevier, vol. 73(PA).
    5. Simon Kratzer & Andreas Drechsler & Markus Westner & Susanne Strahringer, 2022. "The Fractional CIO in SMEs: conceptualization and research agenda," Information Systems and e-Business Management, Springer, vol. 20(3), pages 581-611, September.
    6. Zhaohua Deng & Guorui Fan & Zihao Deng & Bin Wang, 2024. "Why Doctors Participate in Teams of Online Health Communities? A Social Identity and Brand Resource Perspective," Information Systems Frontiers, Springer, vol. 26(5), pages 1915-1941, October.
    7. Romanus Izuchukwu Okeke & Max Hashem Eiza, 2023. "The Application of Role-Based Framework in Preventing Internal Identity Theft Related Crimes: A Qualitative Case Study of UK Retail Companies," Information Systems Frontiers, Springer, vol. 25(2), pages 451-472, April.
    8. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Steven Balsam & So Yean Kwack, 2022. "The impact of connections between the CEO and top executives on appointment, turnover and firm value," Journal of Business Finance & Accounting, Wiley Blackwell, vol. 49(5-6), pages 882-933, May.
    2. Seung Hyun Kim & Juhee Kwon, 2019. "How Do EHRs and a Meaningful Use Initiative Affect Breaches of Patient Information?," Information Systems Research, INFORMS, vol. 30(4), pages 1184-1202, December.
    3. Venus, Andreas & Engelen, Andreas, 2012. "A strategy perspective on the performance relevance of the CFO," SFB 649 Discussion Papers 2012-021, Humboldt University Berlin, Collaborative Research Center 649: Economic Risk.
    4. Phillip J. Quinn, 2018. "Shifting corporate culture: executive stock ownership plan adoptions and incentives to meet or just beat analysts’ expectations," Review of Accounting Studies, Springer, vol. 23(2), pages 654-685, June.
    5. Yuan, Yuan & Hu, May & Cheng, Chen, 2023. "CEO succession and corporate innovation: A managerial myopic perspective," The North American Journal of Economics and Finance, Elsevier, vol. 64(C).
    6. Carlos Devece, 2013. "The value of business managers' ‘Information Technology’ competence," The Service Industries Journal, Taylor & Francis Journals, vol. 33(7-8), pages 720-733, May.
    7. Lim, Jee-Hae & Stratopoulos, Theophanis C. & Wirjanto, Tony S., 2012. "Role of IT executives in the firm's ability to achieve competitive advantage through IT capability," International Journal of Accounting Information Systems, Elsevier, vol. 13(1), pages 21-40.
    8. Westfall, Tiffany J. & Myring, Mark, 2022. "Are voluntary internal control weakness disclosures in initial public offerings associated with managerial ability and subsequent financial reporting quality?," Advances in accounting, Elsevier, vol. 59(C).
    9. Zhang, Yimei & Smith, Thomas, 2023. "The impact of customer firm data breaches on the audit fees of their suppliers," International Journal of Accounting Information Systems, Elsevier, vol. 50(C).
    10. Zhou, Fuzhao & Huang, Jianning, 2024. "Cybersecurity data breaches and internal control," International Review of Financial Analysis, Elsevier, vol. 93(C).
    11. repec:hum:wpaper:sfb649dp2012-021 is not listed on IDEAS
    12. Leye Li & Louise Yi Lu & Dongyue Wang, 2022. "External labour market competitions and stock price crash risk: evidence from exposures to competitor CEOs’ award‐winning events," Accounting and Finance, Accounting and Finance Association of Australia and New Zealand, vol. 62(S1), pages 1421-1460, April.
    13. Hilal Atasoy & Rajiv D. Banker & Paul A. Pavlou, 2016. "On the Longitudinal Effects of IT Use on Firm-Level Employment," Information Systems Research, INFORMS, vol. 27(1), pages 6-26, March.
    14. Jing Li & Jiang Cheng, 2023. "Are female CEOs associated with lower insolvency risk? Evidence from the US property‐casualty insurance industry," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 90(4), pages 941-973, December.
    15. Huang, Qianqian & Jiang, Feng & Lie, Erik & Yang, Ke, 2014. "The role of investment banker directors in M&A," Journal of Financial Economics, Elsevier, vol. 112(2), pages 269-286.
    16. Sanghyun Kim & Bora Kim & Minsoo Seo, 2020. "Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology Balance," Sustainability, MDPI, vol. 12(15), pages 1-24, July.
    17. Zhang, Lu & Peng, Fei & Shan, Yuan George & Chen, Yiping, 2023. "CEO social capital and litigation risk," Finance Research Letters, Elsevier, vol. 51(C).
    18. Anna Adamecz-Völgyi & Morag Henderson & Nikki Shure, 2023. "The labor market returns to “first-in-family” university graduates," Journal of Population Economics, Springer;European Society for Population Economics, vol. 36(3), pages 1395-1429, July.
    19. Habib Saragih, Arfah & Ali, Syaiful & Suwardi, Eko & Utomo, Hargo, 2024. "Finding the missing pieces to an optimal corporate tax savings: Information technology governance and internal information quality," International Journal of Accounting Information Systems, Elsevier, vol. 52(C).
    20. Xie, Linlin & Liu, Yangbo & Jiang, Tianhao, 2024. "Executives with business education background and cost of debt financing: Evidence from China," International Review of Economics & Finance, Elsevier, vol. 90(C), pages 283-296.
    21. Tarek Abdelfattah & Mohamed Elmahgoub & Ahmed A. Elamer, 2021. "Female Audit Partners and Extended Audit Reporting: UK Evidence," Journal of Business Ethics, Springer, vol. 174(1), pages 177-197, November.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:orisre:v:32:y:2021:i:2:p:318-334. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.