Where is IT in Information Security? The Interrelationship among IT Investment, Security Awareness, and Data Breaches
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Author(s)
Related Research Unit(s)
Detail(s)
Original language | English |
---|---|
Pages (from-to) | 317-342 |
Journal / Publication | MIS Quarterly |
Volume | 47 |
Issue number | 1 |
Publication status | Published - Mar 2023 |
Link(s)
DOI | DOI |
---|---|
Attachment(s) | Documents
Publisher's Copyright Statement
|
Link to Scopus | https://www.scopus.com/record/display.uri?eid=2-s2.0-85160954788&origin=recordpage |
Permanent Link | https://scholars.cityu.edu.hk/en/publications/publication(79fefd8f-5d0b-4e6f-bb73-0a141df4b94d).html |
Abstract
Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must, therefore, continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing data-breach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches. ©2023. The Authors.
Research Area(s)
- Security investment, IT investment, security awareness, threat awareness, countermeasure awareness, data breach, panel vector autoregression model
Bibliographic Note
Information for this record is supplemented by the author(s) concerned.
Citation Format(s)
Where is IT in Information Security? The Interrelationship among IT Investment, Security Awareness, and Data Breaches. / Li, Wilson Weixun; Leung, Alvin Chung Man; Yue, Wei Thoo.
In: MIS Quarterly, Vol. 47, No. 1, 03.2023, p. 317-342.
In: MIS Quarterly, Vol. 47, No. 1, 03.2023, p. 317-342.
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Download Statistics
No data available