Protecting data intangibly: How does control culture influence data breach risks?

IF 2.5 4区管理学 Q2 MANAGEMENT

DECISION SCIENCES Pub Date : 2026-03-10 Epub Date: 2025-09-16 DOI:10.1111/deci.70016

Lirong Lu, Shan Liu, Hao Wang

{"title":"Protecting data intangibly: How does control culture influence data breach risks?","authors":"Lirong Lu, Shan Liu, Hao Wang","doi":"10.1111/deci.70016","DOIUrl":null,"url":null,"abstract":"<p>As data have become the most valuable asset for many firms, the increasing frequency, scope, and cost of data breaches have had a significant impact on organizations. Traditionally, managers have focused primarily on tangible control measures to ensure information security and minimize data breach risks. However, a deeper understanding of intangible control measures remains limited. This study explores the impact of control culture—an intangible control measure—on different types of data breach risks within a firm: accidental internal, malicious external, and malicious internal breaches. Drawing on human factor theory and routine activity theory, we develop several hypotheses regarding the effect of control culture on these varying types of data breach risks. We collect data from multiple sources and construct a panel data set to empirically test these hypotheses. Our findings reveal that a stronger control culture significantly reduces the risk of accidental internal and malicious external data breaches. However, it does not reduce the risk of internal breaches with malicious intent. This research breaks new ground in addressing data breach risks from the perspective of control culture, providing valuable insights for both academics and practitioners.</p>","PeriodicalId":48256,"journal":{"name":"DECISION SCIENCES","volume":"57 1","pages":"47-65"},"PeriodicalIF":2.5000,"publicationDate":"2026-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"DECISION SCIENCES","FirstCategoryId":"91","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1111/deci.70016","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/9/16 0:00:00","PubModel":"Epub","JCR":"Q2","JCRName":"MANAGEMENT","Score":null,"Total":0}

引用次数: 0

Abstract

As data have become the most valuable asset for many firms, the increasing frequency, scope, and cost of data breaches have had a significant impact on organizations. Traditionally, managers have focused primarily on tangible control measures to ensure information security and minimize data breach risks. However, a deeper understanding of intangible control measures remains limited. This study explores the impact of control culture—an intangible control measure—on different types of data breach risks within a firm: accidental internal, malicious external, and malicious internal breaches. Drawing on human factor theory and routine activity theory, we develop several hypotheses regarding the effect of control culture on these varying types of data breach risks. We collect data from multiple sources and construct a panel data set to empirically test these hypotheses. Our findings reveal that a stronger control culture significantly reduces the risk of accidental internal and malicious external data breaches. However, it does not reduce the risk of internal breaches with malicious intent. This research breaks new ground in addressing data breach risks from the perspective of control culture, providing valuable insights for both academics and practitioners.

查看原文本刊更多论文

无形的数据保护：控制文化如何影响数据泄露风险？

随着数据成为许多公司最有价值的资产，数据泄露的频率、范围和成本的增加对组织产生了重大影响。传统上，管理人员主要关注有形的控制措施，以确保信息安全和最小化数据泄露风险。然而，对无形控制措施的深入了解仍然有限。本研究探讨了控制文化（一种无形的控制措施）对公司内部不同类型的数据泄露风险的影响：意外的内部泄露、恶意的外部泄露和恶意的内部泄露。根据人为因素理论和日常活动理论，我们提出了几个关于控制文化对这些不同类型数据泄露风险影响的假设。我们从多个来源收集数据，并构建一个面板数据集来实证检验这些假设。我们的研究结果表明，更强大的控制文化可以显著降低意外内部和恶意外部数据泄露的风险。然而，它并没有降低恶意内部破坏的风险。本研究在从控制文化的角度解决数据泄露风险方面开辟了新的领域，为学者和从业者提供了有价值的见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

DECISION SCIENCES MANAGEMENT-

CiteScore

12.40

自引率

1.80%

发文量

期刊介绍： Decision Sciences, a premier journal of the Decision Sciences Institute, publishes scholarly research about decision making within the boundaries of an organization, as well as decisions involving inter-firm coordination. The journal promotes research advancing decision making at the interfaces of business functions and organizational boundaries. The journal also seeks articles extending established lines of work assuming the results of the research have the potential to substantially impact either decision making theory or industry practice. Ground-breaking research articles that enhance managerial understanding of decision making processes and stimulate further research in multi-disciplinary domains are particularly encouraged.