The association between top management involvement and compensation and information security breaches

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

65 Scopus Citations
View graph of relations



Original languageEnglish
Pages (from-to)219-236
Journal / PublicationJournal of Information Systems
Issue number1
Publication statusPublished - 2013
Externally publishedYes


This paper examines how an information technology (IT) executive's position in a top management team and how his/her compensation are associated with the likelihood of information security breaches. Using a sample drawn from multiple sources in the period from 2003 to 2008, we show that an IT executive's involvement in the top management team is negatively related to the possibility of information security breaches. We also find that the amount of behavior-based (i.e., salary) compensation and the pay differences of outcome-based (i.e., bonuses, stock awards, and stock options) compensation between IT and non-IT executives are negatively associated with the likelihood of information security breaches. Our findings shed light on how an IT executive's status in the top management team and the composition of his/her compensation can be related to a firm's IT governance mechanisms.

Research Area(s)

  • Information security breach, Information security risk management, IT executives, IT governance