Investigating security investment impact on firm performance
Purpose – The purpose of this study is to propose to use the economic value added to measure firm performance against information security investments. Design/methodology/approach – The authors develop a conceptual framework to capture non information technology (IT)-related and IT-related security investment factors and propose to study their holistic influences on firm performance. Findings – The authors propose 14 propositions to understand the relationship between security investments and firm performance. Research limitations/implications – The authors propose a validation process to guide future research to further empirically capture all needed data and analyze the proposed relationships. Practical implications – Managers can view security investment from a more comprehensive perspective and understand how to potentially contribute each of the non IT-related and IT-related factors to firm performance. Originality/value – This is one of the early attempts studying information security investment vs firm performance from a comprehensive conceptual angel.