A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
Organizational Learning from Cybersecurity Performance : Effects on Cybersecurity Investment Decisions (2023)
Shaikh, F. A., & Siponen, M. (2023). Organizational Learning from Cybersecurity Performance : Effects on Cybersecurity Investment Decisions. Information Systems Frontiers, Early online. https://doi.org/10.1007/s10796-023-10404-7
JYU-tekijät tai -toimittajat
Julkaisun tiedot
Julkaisun kaikki tekijät tai toimittajat: Shaikh, Faheem Ahmed; Siponen, Mikko
Lehti tai sarja: Information Systems Frontiers
ISSN: 1387-3326
eISSN: 1572-9419
Julkaisuvuosi: 2023
Ilmestymispäivä: 27.05.2023
Volyymi: Early online
Kustantaja: Springer
Julkaisumaa: Yhdysvallat (USA)
Julkaisun kieli: englanti
DOI: https://doi.org/10.1007/s10796-023-10404-7
Julkaisun avoin saatavuus: Avoimesti saatavilla
Julkaisukanavan avoin saatavuus: Osittain avoin julkaisukanava
Julkaisu on rinnakkaistallennettu (JYX): https://jyx.jyu.fi/handle/123456789/87287
Tiivistelmä
IS literature has identified various economic, performance, and environmental factors affecting cybersecurity investment decisions. However, economic modeling approaches dominate, and research on cybersecurity performance as an antecedent to investments has taken a backseat. Neglecting the role of performance indicators ignores real-world concerns driving actual cybersecurity investment decision-making. We investigate two critical aspects of cybersecurity performance: breach costs and breach identification source, as antecedents to cybersecurity investment decisions. We use organizational learning to theorize how performance feedback from these two aspects of cybersecurity breaches influences subsequent investment decisions. Using firm-level data on 722 firms in the UK, we find that higher breach costs are more likely to elicit increases in cybersecurity investments. This relationship is further strengthened if a third party identifies the breach instead of the focal firm. We contribute to the literature on cybersecurity investments and incident response. The findings stress the need for firms to analyze aspects of their cybersecurity performance and use them as feedback for investment decisions, making these decisions data-driven and based on firm-specific needs.
YSO-asiasanat: kyberturvallisuus; oppiva organisaatio; tietoturva; tieto- ja viestintärikokset
Vapaat asiasanat: cybersecurity investment; cybersecurity breach; cybersecurity performance; breach identifcation; breach cost; organizational learning
Liittyvät organisaatiot
OKM-raportointi: Kyllä
Raportointivuosi: 2023
Alustava JUFO-taso: 2