Proactive versus reactive security investments in the healthcare sector

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalNot applicablepeer-review

22 Scopus Citations
View graph of relations

Author(s)

Related Research Unit(s)

Detail(s)

Original languageEnglish
Pages (from-to)451-471
Journal / PublicationMIS Quarterly: Management Information Systems
Volume38
Issue number2
StatePublished - 1 Jun 2014

Abstract

This study identifies the effects of security investments that arise from previous failures or external regulatory pressure. Building on organizational learning theory, the study focuses on the healthcare sector where legislation mandates breach disclosure and detailed data on security investments are available. Using a Cox proportional hazard model, we demonstrate that proactive security investments are associated with lower security failure rates. Coupling that result with the economics of breach disclosure, we also show that proactive investments are more cost effective in healthcare security than reactive investments. Our results further indicate that this effect is amplified at the state level, supporting the argument that security investments create positive externalities. We also find that external pressure decreases the effect of proactive investments on security performance. This implies that proactive investments, voluntarily made, have more impact than those involuntarily made. Our findings suggest that security managers and policy makers should pay attention to the strategic and regulatory factors influencing security investment decisions.

Research Area(s)

  • Healthcare, Organizational learning, Proactive, Reactive, Security investment

Citation Format(s)

Proactive versus reactive security investments in the healthcare sector. / Kwon, Juhee; Johnson, M. Eric.

In: MIS Quarterly: Management Information Systems, Vol. 38, No. 2, 01.06.2014, p. 451-471.

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalNot applicablepeer-review