Search results

1 – 10 of over 6000
To view the access options for this content please click here
Article
Publication date: 10 June 2021

Cansu Tayaksi, Erhan Ada, Yigit Kazancoglu and Muhittin Sagnak

Today, information systems and technology provides a wide set of tools for companies to increase the efficiency of their businesses. Although technology offers many…

Abstract

Purpose

Today, information systems and technology provides a wide set of tools for companies to increase the efficiency of their businesses. Although technology offers many benefits to businesses, it also brings risks as the information systems security breaches. Security breaches and their financial impact is a constant concern of the researchers and practitioners. This paper explores information systems breaches and their financial impacts on the publicly traded companies in different sectors.

Design/methodology/approach

After a comprehensive data collection process, data from 192 events are analyzed by employing Event Study Methodology and a comparison of the results between the four highly affected sectors (Consumer Goods, Technology, Financial and Communications) is presented. The abnormal returns on the prices of stocks after the events are calculated with the Market Model. Also, the results of the Market Adjusted Model and Mean Adjusted Model are presented to support the results.

Findings

While information systems security breaches have a significant negative impact on the Financials and the Technology sectors for all the event windows in the study ([−5, 0], [−5, 1], [−5, 5], and [−5, 10]), the significant negative impact is observed only on the [−5, 5] and [−5, 10] event windows for the Consumer Goods sector. No significant negative impact is observed in the Communications sector, in fact, the cumulative abnormal returns are positive for this sector.

Originality/value

The contribution of this paper to provide evidence about the financial impacts of the information systems breaches for businesses in different sectors. While there are studies that have previously focused on the information systems breaches and their financial impacts on businesses, to the best of our knowledge, this is the first study that compares this effect between the four highly impacted sectors. With a relatively larger sample size and broader event windows than the past studies in the literature, statistical evidence is provided to managers to justify their investments in information security and build preventive measures to secure the market value of their firms.

Details

Journal of Enterprise Information Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1741-0398

Keywords

To view the access options for this content please click here
Article
Publication date: 28 September 2012

Katerina Berezina, Cihan Cobanoglu, Brian L. Miller and Francis A. Kwansa

The primary purpose of this study is to investigate the impact of information security breaches on hotel guests' perceived service quality, satisfaction, likelihood of…

Downloads
9714

Abstract

Purpose

The primary purpose of this study is to investigate the impact of information security breaches on hotel guests' perceived service quality, satisfaction, likelihood of recommending a hotel and revisit intentions.

Design/methodology/approach

Five‐hundred seventy‐four US travelers participated in this experimental study. The respondents were exposed to one of three different scenarios: “negative”, where an information security breach happened in the hotel where a person stayed last and guest information was compromised; “neutral”, where an information security breach happened and guest information remained safe; and “positive”, where participants were told that the hotel where they last stayed successfully passed a comprehensive security audit, meaning that their guest information is properly handled and secured.

Findings

The results of the study revealed a significant impact of the treatments on three of the four outcome variables: satisfaction, likelihood of recommending a hotel, and revisit intentions. Information security breach scenarios resulted in a negative impact on the outcome variables regardless of whether or not the guest's credit card information was compromised. A positive scenario revealed a significant increase in guest satisfaction and revisit intentions scores.

Practical implications

The findings of the study provide clear indication that hotel operators must continually strive to keep the sensitive data that is collected from their guests secure, and that failure to do so can have significant negative ramifications on current and future guests. The results also suggest that hotels should openly publicize their achievements in the field of PCI compliance.

Originality/value

The study contributes to the body of knowledge on the importance of credit card information security breaches to hotel guest satisfaction and future behavior. To date, this is the only study that has investigated this topic in the hospitality industry, and it therefore makes a significant improvement towards the understanding of the impact of information security breach on hotel guest perceptions and future intentions.

To view the access options for this content please click here
Article
Publication date: 8 January 2020

Jean Pierre Guy Gashami, Christian Fernando Libaque-Saenz and Younghoon Chang

Cloud computing has disrupted the information technology (IT) industry. Associated benefits such as flexibility, payment on an on-demand basis and the lack of no need for…

Abstract

Purpose

Cloud computing has disrupted the information technology (IT) industry. Associated benefits such as flexibility, payment on an on-demand basis and the lack of no need for IT staff are among the reasons for its adoption. However, these services represent not only benefits to users but also threats, with cybersecurity issues being the biggest roadblock to cloud computing success. Although ensuring data security on the cloud has been the responsibility of providers, these threats seem to be unavoidable. In such circumstances, both providers and users have to coordinate efforts to minimize negative consequences that might occur from these events. The purpose of this paper is to assess how providers and users can rely on social media to communicate risky events.

Design/methodology/approach

Based on the Situational Theory of Publics and trust, the authors developed three research questions to analyze stakeholders’ communication patterns after a security breach. By gathering Twitter data, the authors analyzed the data security breach faced by the Premera Blue Cross’ Web application.

Findings

The results indicate that Premera acted as the main source of information for Twitter users, while trustworthy actors such as IT security firms, specialists and local news media acted as intermediaries, creating small communities around them. Theoretical and practical implications are also discussed.

Originality/value

Social media could be used for diffusing information of potential threats; no research has assessed its usage in a cloud-based security breach context. The study aims to fill this gap and propose a framework to engage cloud users in co-securing their data along with cloud providers when they face similar situations.

Details

Industrial Management & Data Systems, vol. 120 no. 3
Type: Research Article
ISSN: 0263-5577

Keywords

To view the access options for this content please click here
Article
Publication date: 9 October 2009

Jordan Shropshire

The paper focuses on intentional information security breaches by insiders. The purpose is to assess the relationship between insiders' backgrounds and motivations and…

Downloads
1696

Abstract

Purpose

The paper focuses on intentional information security breaches by insiders. The purpose is to assess the relationship between insiders' backgrounds and motivations and their deviant behaviors. Two outcome variables, information technology (IT) espionage and IT sabotage, are correlated with four predictors, financial changes, relationship strains, substance abuse, and job changes.

Design/methodology/approach

Some 62 cases of intentional information security breaches by insiders are examined using canonical analysis.

Findings

The results indicate that a significant relationship exists between financial hardship, relationship strains, and the theft and sale of proprietary data by insiders; and recent firings, substance abuse, and relationship strains are related to information system sabotage.

Research limitations/implications

Because little or no research has been conducted on this topic, there is a lack of validated measures for variables associated with information security. Thus, the measures used in this paper are necessarily simplistic. Because few organizations report information security weaknesses, the sample is relatively small.

Practical implications

In the majority of cases included in this paper, it is found that the insider convey a number of warning signs before committing the security breach. After reading this paper, diligent managers should be able to identify potential security breaches.

Originality/value

This is one of the first studies to explore insider security breaches using canonical analysis.

Details

Information Management & Computer Security, vol. 17 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Article
Publication date: 3 June 2019

Mark Glenn Evans, Ying He, Iryna Yevseyeva and Helge Janicke

This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of…

Abstract

Purpose

This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error.

Design/methodology/approach

This paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field.

Findings

This analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field.

Originality/value

This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error.

Details

Information & Computer Security, vol. 27 no. 3
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 26 August 2020

Rohit Gupta, Baidyanath Biswas, Indranil Biswas and Shib Sankar Sana

This paper aims to examine optimal decisions for information security investments for a firm in a fuzzy environment. Under both sequential and simultaneous attack…

Abstract

Purpose

This paper aims to examine optimal decisions for information security investments for a firm in a fuzzy environment. Under both sequential and simultaneous attack scenarios, optimal investment of firm, optimal efforts of attackers and their economic utilities are determined.

Design/methodology/approach

Throughout the analysis, a single firm and two attackers for a “firm as a leader” in a sequential game setting and “firm versus attackers” in a simultaneous game setting are considered. While the firm makes investments to secure its information assets, the attackers spend their efforts to launch breaches.

Findings

It is observed that the firm needs to invest more when it announces its security investment decisions ahead of attacks. In contrast, the firm can invest relatively less when all agents are unaware of each other’s choices in advance. Further, the study reveals that attackers need to exert higher effort when no agent enjoys the privilege of being a leader.

Research limitations/implications

In a novel approach, inherent system vulnerability of the firm, financial benefit of attackers from the breach and monetary loss suffered by the firm are considered, as fuzzy variables in the well-recognized Gordon – Loeb breach function, with the help of fuzzy expectation operator.

Practical implications

This study reports that the optimal breach effort exerted by each attacker is proportional to its obtained economic benefit for both sequential and simultaneous attack scenarios. A set of numerical experiments and sensitivity analyzes complement the analytical modeling.

Originality/value

In a novel approach, inherent system vulnerability of the firm, financial benefit of attackers from the breach and monetary loss suffered by the firm are considered, as fuzzy variables in the well-recognized Gordon – Loeb breach function, with the help of fuzzy expectation operator.

Details

Information & Computer Security, vol. 29 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 22 March 2021

Suparak Janjarasjit and Siew H. Chan

The purpose of this study is to examine whether users’ perceived moral affect explains the effect of perceived intensity of emotional distress on responsibility judgment…

Abstract

Purpose

The purpose of this study is to examine whether users’ perceived moral affect explains the effect of perceived intensity of emotional distress on responsibility judgment of a perpetrator and company, respectively, in an ill and good intention breach.

Design/methodology/approach

Participants completed a questionnaire containing items measuring their perceived intensity of emotional distress, perceived moral affect and responsibility judgment of a perpetrator and company, respectively.

Findings

The results support the mediating hypothesis on responsibility judgment of a perpetrator regardless of intention. The mediating hypothesis is also supported in an ill intention breach in responsibility judgment of a company. However, the mediating effect is not observed in a good intention breach when users assess a company’s responsibility.

Originality/value

The findings support the notion that users use the consequentialism approach when assessing a perpetrator’s responsibility because they focus on the victims’ emotional distress and discount a perpetrator’s intent, resulting in similar mediating effect of perceived moral affect in an ill and good intention breach. The results also indicate that perceived moral affect increases the negative effect of perceived intensity of emotional distress on responsibility judgment of a company, suggesting that users may exhibit empathetic feelings toward a company and perceive it as a victim of an ill intention breach. The lack of mediating effect in responsibility judgment of a company in a good intention breach may be attributed to the diminished effect of a perpetrator’s feelings of regret, sorrow, guilt and shame for causing emotional distress to the victims.

Details

Information & Computer Security, vol. 29 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

Content available
Article
Publication date: 15 July 2019

Elina Haapamäki and Jukka Sihvonen

This paper aims to update the cybersecurity-related accounting literature by synthesizing 39 recent theoretical and empirical studies on the topic. Furthermore, the paper…

Downloads
9726

Abstract

Purpose

This paper aims to update the cybersecurity-related accounting literature by synthesizing 39 recent theoretical and empirical studies on the topic. Furthermore, the paper provides a set of categories into which the studies fit.

Design/methodology/approach

This is a synthesis paper that summarizes the research literature on cybersecurity, introducing knowledge from the extant research and revealing areas requiring further examination.

Findings

This synthesis identifies a research framework that consists of the following research themes: cybersecurity and information sharing, cybersecurity investments, internal auditing and controls related to cybersecurity, disclosure of cybersecurity activities and security threats and security breaches.

Practical implications

Academics, practitioners and the public would benefit from a research framework that categorizes the research topics related to cybersecurity in the accounting field. This type of analysis is vital to enhance the understanding of the academic research on cybersecurity and can be used to support the identification of new lines for future research.

Originality/value

This is the first literature analysis of cybersecurity in the accounting field, and it has significant implications for research and practice by detailing, for example, the benefits of and obstacles to information sharing. This synthesis also highlights the importance of the model for cybersecurity investments. Further, the review emphasizes the role of internal auditing and controls to improve cybersecurity.

Details

Managerial Auditing Journal, vol. 34 no. 7
Type: Research Article
ISSN: 0268-6902

Keywords

To view the access options for this content please click here
Article
Publication date: 14 March 2016

Daniel Schatz and Rabih Bashroush

This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic…

Downloads
1467

Abstract

Purpose

This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events.

Design/methodology/approach

An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time.

Findings

Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.

Research limitations/implications

One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information.

Practical implications

One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.

Originality/value

This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.

Details

Information & Computer Security, vol. 24 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

Content available
Article
Publication date: 9 November 2021

Zareef Mohammed

Data breaches are an increasing phenomenon in today's digital society. Despite the preparations an organization must take to prevent a data breach, it is still necessary…

Abstract

Purpose

Data breaches are an increasing phenomenon in today's digital society. Despite the preparations an organization must take to prevent a data breach, it is still necessary to develop strategies in the event of a data breach. This paper explores the key recovery areas necessary for data breach recovery.

Design/methodology/approach

Stakeholder theory and three recovery areas (customer, employee and process recovery) are proposed as necessary theoretical lens to study data breach recovery. Three data breach cases (Anthem, Equifax, and Citrix) were presented to provide merit to the argument of the proposed theoretical foundations of stakeholder theory and recovery areas for data breach recovery research.

Findings

Insights from these cases reveal four areas of recovery are necessary for data breach recovery – customer recovery, employee recovery, process recovery and regulatory recovery.

Originality/value

These areas are presented in the data recovery areas model and are necessary for: (1) organizations to focus on these areas when resolving data breaches and (2) future data breach recovery researchers in developing their research in the field.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2635-0270

Keywords

1 – 10 of over 6000