To Alert or Alleviate? A Natural Experiment on the Effect of Anti-phishing Laws on Corporate IT and Security Investments
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Author(s)
Related Research Unit(s)
Detail(s)
Original language | English |
---|---|
Article number | 114173 |
Journal / Publication | Decision Support Systems |
Volume | 179 |
Online published | 4 Jan 2024 |
Publication status | Published - Apr 2024 |
Link(s)
DOI | DOI |
---|---|
Attachment(s) | Documents
Publisher's Copyright Statement
|
Link to Scopus | https://www.scopus.com/record/display.uri?eid=2-s2.0-85182744605&origin=recordpage |
Permanent Link | https://scholars.cityu.edu.hk/en/publications/publication(762f7fc0-2f4a-439a-8649-0bf7a1da54ca).html |
Abstract
In the United States, between 2005 and 2017, 23 states enacted anti-phishing laws to prosecute those suspected of phishing. As the primary targets of phishing attacks, firms’ interpretations and reactions toward these laws are worth investigating. Utilizing a unique dataset in a natural experimental setting, in this study, we employed the difference-in-differences method to contrast firms’ investment decisions related to IT and cybersecurity in states in which such laws had been newly enacted and those in states without such laws, before and after their enactment. We found firms with different operational experiences react to the enactment of the anti-phishing laws in different ways. Single-state firms tend to shrink IT investments, whereas multistate firms increase security investments, leveraging diverse security knowledge. The research uncovers the intra-firm spillover effects induced by cybersecurity laws and emphasizes the importance of a holistic view of IT security to deter attacks on the weakest links. In this study, we emphasize the need for policymakers to consider the diverse effects of cybersecurity laws and encourage firms to implement protection, whereas firms should benchmark their practices for broader cybersecurity perspective. © 2024 The Authors. Published by Elsevier B.V.
Research Area(s)
- Anti-phishing laws, Security investment, IT investment, Signaling effect, Difference-in-difference
Bibliographic Note
Information for this record is supplemented by the author(s) concerned.
Citation Format(s)
To Alert or Alleviate? A Natural Experiment on the Effect of Anti-phishing Laws on Corporate IT and Security Investments. / Wang, Xiaoxiao; Li, Weixun; Leung, Alvin Chung Man et al.
In: Decision Support Systems, Vol. 179, 114173, 04.2024.
In: Decision Support Systems, Vol. 179, 114173, 04.2024.
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Download Statistics
No data available