Affiliation:
1. Louisiana State University
Abstract
ABSTRACT
This study examines whether a firm’s business strategy is an underlying determinant of cybersecurity breach likelihood. Based on organizational theory, firm strategy can focus on innovation or efficiency, with innovative strategy firms being more likely to have weaker, decentralized control systems, multiple technologies, and greater risk than firms with an efficiency-focused strategy. Following the Miles and Snow (1978) strategy topology, we predict and find that the prospector business strategy is associated with greater breach likelihood. We further explore IT awareness within the firm. Ex ante, it is unclear whether strategic IT policy formation is impounded into a firm’s strategy or can be impacted by individual executives and nonstrategy firm characteristics. We find that IT understanding at the executive or firm level can affect the relationship between strategy and breach likelihood. Collectively, our results indicate that business strategy is a useful indicator in evaluating firms’ cybersecurity activities.
Publisher
American Accounting Association
Subject
Management of Technology and Innovation,Information Systems and Management,Human-Computer Interaction,Accounting,Information Systems,Software,Management Information Systems
Reference68 articles.
1. American Institute of Certified Public Accountants (AICPA). 2017a. AICPA Unveils Cybersecurity Risk Management Reporting Framework. Durham, NC:AICPA. https://www.aicpa.org/press/pressreleases/2017/aicpa-unveils-cybersecurity-risk-management-reporting-framework.html
2. When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches;Angst;MIS Quarterly,2017
3. The role of peer events in corporate governance: Evidence from data breaches;Ashraf;The Accounting Review,2022
4. The impact of firm strategy on performance measures used in executive compensation;Balsam;Journal of Business Research,2011