Corporate Information Security Investment Decisions

This article describes how with information security steadily moving up on board room agendas, security programs are found to be under increasing scrutiny by practitioners. This level of attention by senior business leaders is new to many security professionals as their field has been of limited interest to non-executive directors so far. Currently, they have to regularly report on efficiency and value of their security capabilities whilst being measured against business priorities. Based on the Grounded Theory approach, the authors analysed the data gathered in a series of interviews with senior professionals in order to identify key factors in the context of information security investment decisions. The authors present detailed findings in context of a simplified framework that security practitioners can utilise for critical review or improvements of investment decisions in their own environments. Extensive details for each category as extracted through a qualitative data analysis are provided along with a category network analysis that highlights strong relationships within the framework.

The Effect of Data Theft on a Firm’s Short-Term and Long-Term Market Value

The prevalence of the internet as firm’s primary channel of operations and marketing in recent decades has made information security management a critical issue for firms. Yet, previous research on the information security issue have mostly focused on the impact of information security events on firms’ short-term value. Their impact on firms’ long-term value is rarely analyzed. Corporate managers have also largely dismissed the negative long-term impact of information security breaches by considering them as accidental and arguing that their frequency in recent years has instigated a sense of numbness in customers to their regards. Consequently, managers have paid little attention to information security investments. To assess the importance of information security investment, this study examines short-term and long-term stock market assessment of data breaches events at publicly traded companies. The findings of this study offer new insights for firms in assessing information security investment.