The Effects of IT Management Certification Type and Corporate Social Responsibility Performance on Investors’ Responses to Cybersecurity Breaches

IF 2 | Zone 4, Management | Q2 BUSINESS, FINANCE
Fengchun Tang, Ling Yang
Journal of Information Systems. Journal Article. Published 2024-06-01. DOI: 10.2308/isys-2023-032 (https://doi.org/10.2308/isys-2023-032)
Citations: 0

Abstract

We investigate the joint effects of IT management certification type (for example, International Organization for Standardization (ISO) 27001 certification, the certification of a company’s Information Security Management System against the ISO 27001 standard, the leading international standard focused on information security) and CSR performance on investors’ responses to cybersecurity breaches. We find that the ISO 27001 certificate issued by an independent certification body serves as a proactive remedial strategy for reputation management and attenuates investors’ negative reactions following data breaches. However, the connection between the certification body that issues the certificate and the financial audit firm of the audited company may impair the effectiveness of the certificate serving as a remedial strategy for cybersecurity breaches. Similarly, superior CSR performance provides insurance-like protection and spillovers to reduce investors’ negative responses to cybersecurity breaches. We also provide some evidence suggesting that IT management certification type and CSR performance are likely substitutive mechanisms.
Source journal

Journal of Information Systems (BUSINESS, FINANCE)

CiteScore: 3.90
Self-citation rate: 21.10%
Articles published: 26

About the journal: The Journal of Information Systems (JIS) is the academic journal of the Accounting Information Systems (AIS) Section of the American Accounting Association. Its goal is to support, promote, and advance Accounting Information Systems knowledge. The primary criterion for publication in JIS is contribution to the accounting information systems (AIS), accounting and auditing domains by the application or understanding of information technology theory and practice. AIS research draws upon and is informed by research and practice in management information systems, computer science, accounting, auditing as well as cognate disciplines including philosophy, psychology, and management science. JIS welcomes research that employs a wide variety of research methods including qualitative, field study, case study, behavioral, experimental, archival, analytical and markets-based.