Regulatory Influence and the Imperative of Innovation in Identity and Access Management

Abstract

In an effort to protect end users from identity theft, policy makers have enacted numerous regulations that require organizations to acquire identity and access management (IAM) technologies. In this paper, the authors develop and validate a conceptual framework that captures the unique characteristics of information security regulations and their impact on demand for IAM technologies, and the innovation and market value of IAM firms. Using paired two-sample for means t-tests and the Chow test, the authors demonstrate that the annual changes in sales of IAM firms from 1998 to 2008 are higher than those of other information technology (IT) firms around the time that information security regulations were enacted. The vector autoregression analyses show that IAM innovation is demand-driven, consistent with Schmookler’s “demand-pull” hypothesis, and has been positively valued by stock market investors. As such, our results demonstrate how policy makers can stimulate innovation and increase shareholder wealth by regulating IT consumers.