The association between top management involvement and compensation and information security breaches

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journal

27 Scopus Citations
View graph of relations

Author(s)

Detail(s)

Original languageEnglish
Pages (from-to)219-236
Journal / PublicationJournal of Information Systems
Volume27
Issue number1
Publication statusPublished - 2013
Externally publishedYes

Abstract

This paper examines how an information technology (IT) executive's position in a top management team and how his/her compensation are associated with the likelihood of information security breaches. Using a sample drawn from multiple sources in the period from 2003 to 2008, we show that an IT executive's involvement in the top management team is negatively related to the possibility of information security breaches. We also find that the amount of behavior-based (i.e., salary) compensation and the pay differences of outcome-based (i.e., bonuses, stock awards, and stock options) compensation between IT and non-IT executives are negatively associated with the likelihood of information security breaches. Our findings shed light on how an IT executive's status in the top management team and the composition of his/her compensation can be related to a firm's IT governance mechanisms.

Research Area(s)

  • Information security breach, Information security risk management, IT executives, IT governance