Too Good to Be True: Firm Social Performance and the Risk of Data Breach-Reference-Cited by-同舟云学术

Too Good to Be True: Firm Social Performance and the Risk of Data Breach

Published:2020-12 Issue:4 Volume:31 Page:1200-1223
ISSN:1047-7047
Container-title:Information Systems Research
language:en
Short-container-title:Information Systems Research

Author:

D’Arcy John¹^ORCID,Adjerid Idris²^ORCID,Angst Corey M.³^ORCID,Glavas Ante⁴^ORCID

Affiliation:

1. Department of Accounting and Management Information Systems, University of Delaware, Newark, Delaware 19716;

2. Department of Business Information Technology, Virginia Tech, Blacksburg, Virginia 24061;

3. Department of Information Technology, Analytics, and Operations, University of Notre Dame, Notre Dame, Indiana 46556;

4. Grossman School of Business, University of Vermont, Burlington, Vermont 05405

Abstract

Data breaches are now a daily occurrence. What corporate leaders may not realize is that certain actions they are taking in the social responsibility space may, in fact, be placing a proverbial target on their backs. Indeed, there is evidence that the hacking community is not homogeneous, and at least some hackers from both internal and external sources appear to be motivated by what they dislike as opposed to solely financial gain. Recent hacks against the World Health Organization, as a result of its actions (or supposed inactions) related to the COVID-19 pandemic, are a case in point. In this paper, we put forth the idea that espoused positive social performance in areas that are peripheral to core business operations (e.g., philanthropy, recycling programs) can be a detriment to information security, particularly when firms have simultaneous high levels of social concerns (e.g., poor employee relations, product safety concerns, involvement in an environmental controversy). Our results support this outcome. It appears that some perpetrators can “sniff out” firm social actions that attempt to give the appearance of social responsibility and possibly mask poor social performance, and consequently, these firms are victimized by a malicious data breach more often.

Publisher

Institute for Operations Research and the Management Sciences (INFORMS)

Subject

Library and Information Sciences,Information Systems and Management,Computer Networks and Communications,Information Systems,Management Information Systems

Reference100 articles.

1. The Impact of Privacy Regulation and Technology Incentives: The Case of Health Information Exchanges

2. What We Know and Don’t Know About Corporate Social Responsibility

3. Embedded Versus Peripheral Corporate Social Responsibility: Psychological Foundations

4. Mostly Harmless Econometrics

5. When Do IT Security Investments Matter? Accounting for the Influence of Institutional Factors in the Context of Healthcare Data Breaches

Cited by 46 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Investigating the use of protective technologies after data breach: The roles of psychological distance, technological service type and organizational justice;Computers & Security;2024-08

2. Information Security Research in the Information Systems Discipline: A Thematic Review and Future Research Directions;ACM SIGMIS Database: the DATABASE for Advances in Information Systems;2024-07-31

3. Comparing experts’ and users’ perspectives on the use of password workarounds and the risk of data breaches;Information & Computer Security;2024-07-16

4. Unpacking the complexities of health record misuse: insights from Australian health services;Information Technology & People;2024-07-02

5. Focusing on the fundamentals? An investigation of the relationship between corporate social irresponsibility and data breach risk;Decision Support Systems;2024-07