Cong Feng,Pankaj C. Patel,Scott Fay

DOI: https://doi.org/10.1080/07421222.2021.1962599

IF: 7.582

2021-07-03

Journal of Management Information Systems

Abstract:Drawing on the resource-based view (RBV) of the firm and the top management team (TMT) structural power framework, we investigate the relationship between Chief Information Officer (CIO) structural power and forward-looking firm performance. In addition, we examine the contingency roles of market turbulence, industry IT intensity, and operating efficiency in shaping the above relationship. Using a sample of 7,185 firm-year observations and a panel fixed-effects model, we find that CIO structural power is positively associated with forward-looking firm performance (proxied by Tobin’s q). Further, our results suggest that the benefits of CIO structural power are higher under greater market turbulence, higher industry IT intensity, and greater operating efficiency. Our empirical results imply that the board of directors should consider endowing CIOs with a higher structural power, especially when an organization faces greater volatility in industry sales, competes in a more IT-intensive industry, and operates at a more efficient level. This research contributes to the RBV literature and integrates RBV and structural power frameworks to offer newer insights into the contemporary role of an important TMT member, the CIO.

information science & library science,management,computer science, information systems

Kholekile L. Gwebu,Jing Wang,Li Wang

DOI: https://doi.org/10.1080/07421222.2018.1451962

IF: 7.582

2018-01-01

Journal of Management Information Systems

Abstract:Despite the significant financial losses associated with data breaches, little is known about the (in)effectiveness of the tools that firms have to protect their value following a breach. Drawing on cognitive dissonance theory and the research on cue diagnosticity and crisis management, this study examines the relative efficacy of firm reputation and a range of post-breach response strategies. The results indicate that firm reputation is an important asset in protecting firm value. However, only certain response strategies are found to mitigate the negative financial impact of a breach on lower-reputation firms, and response strategies are found to matter less for high-reputation firms. These findings offer practitioners evidence-based guidance for protecting firm value following data breaches and underscore the need for developing more nuanced strategies for managing breaches. The theoretical arguments developed here serve as a conceptual base for examining the efficacy of various data breach response strategies.

Shuili Du,Kholekile L. Gwebu,Jing Wang,Kun Yu

DOI: https://doi.org/10.17705/1cais.05414

2024-01-01

Communications of the Association for Information Systems

Abstract:This paper aims to identify breach- and firm-level characteristics that may account for the heterogenous stock market reaction to data breaches. Drawing upon the screening theory, this paper examines the possibility of three breach characteristics (breach severity, breach locus, and breach controllability) and two firm attributes (CEO stock ownership, and corporate social responsibility (CSR) performance) serving as information screens to influence stock market reaction to a data breach incident. Using an archival dataset compiled from multiple sources, we examine 607 data breaches from 2004 to 2018 and find that the stock market reacts more negatively if a breach is more severe (i.e., involving more data records and financially sensitive consumer data), controllable (i.e., could have been prevented), and if the breached firm has weak corporate governance, as indicated by low CEO stock ownership. Furthermore, CSR provides “insurance-like” protection by attenuating the negative effects of breach severity, breach controllability, and poor corporate governance on firm value. The findings of this research highlight the relevance of screening theory as a theoretical lens for examining the contextual dependence of stock market reaction to data breaches on key breach- and firm-level characteristics.

Kholekile L. Gwebu,Jing Wang,Wenjuan Xie

2014-01-01

Abstract:To estimate the cost of a data breach to the inflicted firm, this study examines the relationship between a breach incident and changes in the inflicted firm’s profitability, perceived risk, and the inflicted firms’ information environment transparency. Profitability is measured as reported earnings and analysts’ earnings forecasts. Perceived risk is measured as reported stock return volatility and dispersion among analysts’ forecasts. Although a number of studies have investigated the stock market reaction surrounding the disclosure of a breach incident to quantify the cost associated with breaches, we argue that there exists information uncertainty and deficiency in the disclosure of the breach incident and stock market reaction surrounding a security breach announcement date may not be the best measure for the cost of security breaches. And research using other complementary measures is warranted. Our preliminary finding suggests that data breaches negatively impact firm profitability, perceived risk and information transparency. Nevertheless, the damage of a breach most likely stems from direct costs such as compensation and litigation costs rather than indirect costs such as tarnished reputation and a decrease in market share and sales. More sophisticated analysts are also found to add value in estimating the real cost of a security breach.

Dan Song,Dong Li,Lingyun Qiu

DOI: https://doi.org/10.1007/s11782-010-0116-x

2010-01-01

Frontiers of Business Research in China

Abstract:This study investigates the impact of CIO's presence in an organization's top management team (TMT) on the contribution of information technology (IT) to corporate innovation. A new theoretical model is proposed based on the literature review. Through a survey of 120 CIOs of Chinese companies, we examine a series of hypotheses developed based on this model. Our findings reveal significant influences of CIO's presence in the TMT on IT's contribution to corporate innovations. The findings also suggest that such impacts are mediated by TMT's IT knowledge. Furthermore, we find the significant moderating role of TMT's risk appetite, i.e., when the executives are more willing to take risks, the relationship between CIO's participation in TMT and the importance of IT to innovation is more significant. Theoretical contributions and practical implications of these findings are also discussed.

Juan Manuel Sanchez,Rod Smith,Vernon J. Richardson,Pankaj Setia,Rodney E. Smith

DOI: https://doi.org/10.2139/ssrn.3192082

2018-01-01

SSRN Electronic Journal

Abstract:The chief information officer (CIO) is responsible for bridging the gap between two critical domains—technology and business, making the CIO’s job uniquely different from other executives. As digital technologies become increasingly important to firms’ competitive success, boards of directors and senior executives seek to align the CIO role with overall firm’s objectives. Agency theory suggests that one way to create the alignment between an executive’s efforts and firm performance is to implement appropriate equity compensation incentives (i.e., those resulting from stock and stock options) tying the executive’s wealth to firm value. To date, research does not address what factors a firm should consider when designing CIO incentives and how these incentives influence firm performance. To address this major gap, we examine both the antecedents and performance consequences of CIO equity incentives. We assess organizational, environmental, and individual factors that influence CIO equity incentives and find that environmental and organizational factors are more important than individual CIO characteristics in the determination of CIO equity incentives. We also find that firms that create higher CIO equity incentives realize greater subsequent accounting and market performance. Our research contributes to the IT personnel literatures by showing how firms can use compensation policies to leverage the CIO role to enhance overall business performance.

Katsiaryna Siamionava,Sabyasachi Mitra,George Westerman

DOI: https://doi.org/10.1177/10591478241266524

IF: 4.638

2024-07-26

Production and Operations Management

Abstract:Achieving cognitive coordination in cross-functional teams is a perennial challenge in organizations. It is especially challenging in the context of information systems, where strategic alignment remains a top concern of leaders despite decades of research on the topic. In this study, we develop and empirically validate a theoretical model that explores the role of communicating about performance metrics in fostering cognitive coordination between the Chief Information Officer (CIO) and top management team (TMT). Building on a theoretical lens of transactive memory systems, we hypothesize how the use of unit-specific metrics of information technology (IT) performance and collective metrics of organizational performance can differentially influence mutual trust and shared understanding in the CIO–TMT relationship. Through a survey of 268 CIOs, an experiment with 106 participants using a novel IT leadership game, and an algorithmic analysis of 3200+ articles in a trade publication, we find that communications using narrowly focused IT unit metrics improve mutual trust between the CIO and the TMT, while communications using broader organizational metrics (along with mutual trust) increase shared understanding of IT's role in improving organizational performance. Our multimethod study adds an important new facet to the rich literature on IT strategic alignment as well as the use of performance metrics in operations management. We discuss its implications for both theory and practice in improving cognitive coordination among the CIOs and TMT. Our model and findings are also relevant to other cross-functional teams where specialized individuals must collaborate to achieve collective goals.

operations research & management science,engineering, manufacturing

Zhen Shao,Yuqiang Feng,Jyoti Choudrie,Yang Liu

2010-01-01

Abstract:With the uncertainty of market environment and variety of customer requirements, an increasing number of organizations are implementing Information Systems(IS) to improve their competitive advantage, and large amounts of firms' annual revenues are invested in Information Technology (IT) resources each year. However, research findings determining the impacts of IT on firm performance reveal conflicting results, which leads to an "IT productivity paradox". Drawing upon Resource Based View(RBV) and Knowledge Based View(KBV), this paper analyzes the important role that a Chief Information Officer (CIO) has in IS implementation and deployment, and proposes a conceptual model to examine the moderating effect of CIO's competence on IT investment and organization performance. By analyzing the existing managerial competence framework, CIO's competence has been reconceptualised and divided into six sub-dimensions. The moderating effect of each competence has been illustrated and six hypotheses have correspondingly been established. It is proposed that a research methodology encompassing open and closed ended question surveys will be pursued to examine the model, and their theoretical and practical implications are discussed. The main contribution of this research paper is the re conceptualization of a CIO's competence and a theoretical conceptual model based on RBV and KBV to explain the phenomenon of "IT productivity paradox".

Serdar Turedi

DOI: https://doi.org/10.1080/10580530.2019.1696589

2019-12-02

Information Systems Management

Abstract:We investigate the impact of board monitoring on information technology (IT) investment, and the chief information officer (CIO) presence’ role on this relationship. We argue that firms with a vigilant board of directors will devote greater funds to IT. The results indicate that the outside directors’ ratio positively influences IT investment, but the chief executive officer duality negatively influences it. Further, the CIO presence weakens the relationship between the outside directors’ ratio and IT investment.

computer science, information systems

Junmin Xu,Wei Thoo Yue,Alvin Chung Man Leung,Qin Su

DOI: https://doi.org/10.1016/j.dss.2024.114252

IF: 6.969

2024-01-01

Decision Support Systems

Abstract:In an era of growing social activism, companies engaged in socially irresponsible practices are increasingly vulnerable to data breaches, resulting in substantial reputational and financial losses. This study examines how corporate social irresponsibility (CSI) influences a company's data breach risk. We argue that CSI has an impact on data breach risk by influencing the intentional behaviors of both employees and external hackers. Given that CSI is a broad concept and can take on various forms, we further examine whether some forms of CSI pose a more significant threat than others. Our empirical analysis of data breaches in publicly listed US firms from 2005 to 2017 indicates that compared to the forms of CSI that violate broader social norms (e.g., environmental damages), CSI activities that jeopardize a company's economic value delivery (e.g., product deficiencies) play a more dominant role in driving data breach risk. Furthermore, we find that corporate social responsibility (CSR) can have a dual impact on moderating the relationship between CSI and data breaches. While CSR often helps mitigate CSI-induced data breach risk, this risk is heightened when both CSR and CSI relate to a firm's economic value delivery. This study provides critical insights into how companies can navigate complex data breach risk by managing their social performance.

Wilson Li,Alvin Leung,Wei Yue,,,

DOI: https://doi.org/10.25300/misq/2022/15713

IF: 7.3

2023-03-01

MIS Quarterly

Abstract:Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing data-breach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches.

information science & library science,management,computer science, information systems

Kurt Schobel,James S. Denford

DOI: https://doi.org/10.2308/isys-50321

2012-10-01

Journal of Information Systems

Abstract:ABSTRACT Within the domain of Information Technology Governance (ITG), the study of Chief Information Officer (CIO) relationships has historically focused on the Chief Executive Officer (CEO) and the Top Management Team (TMT). Within knowledge-intensive, publicly funded, and not-for-profit organizations, the specific relationship between the CIO and the Chief Financial Officer (CFO) is a critical pairing, which impacts both individual effectiveness and strategic alignment. Findings from multiple case studies suggest that while the CIO and CFO pair are similar to other TMT relationships in many ways, their perceptions of the other's strategic role within the organization is a key differentiator that can lead to effective or adversarial relationships with individual and firm-level outcomes. The research model in this paper suggests that when the relationship is positive, both individual role effectiveness and strategic alignment improve.

business, finance

Jason K. Deane,David M. Goldberg,Terry R. Rakes,Loren P. Rees

DOI: https://doi.org/10.1007/s10799-018-00297-3

2019-01-01

Information Technology and Management

Abstract:Information security management has increasingly been recognized as one of the major business challenges of the last decade. While security research has widely recognized that breaches are detrimental to business value, the other side of the equation has received little attention. The literature on the value impact of proactive financial investments into information security management infrastructure and policy is very limited. Unlike most information technology investments, reinforcements to information security management programs suggest a reduction of a firm’s risk of damages in future attacks rather than an improvement in a firm’s revenue generation. Furthermore, contemporary information security management represents a process-based shift in a firm’s operations. In light of the unique information security risks faced by modern firms, we posit several hypotheses related to the value created from information security management program investments. We then present an empirical examination of the effects of information security management program investments on shareholder value. We use a firm’s successful completion of the ISO 27001 certification requirements as evidence of its commitment to developing a robust information security management program. Based on 111 public announcements, we find that the associated abnormal stock market reaction is both positive and statistically significant. We further control for firms’ industries, sizes, and dates of certification, and we find that they all affect the mean abnormal returns observed. This study demonstrates the capacity for information security management program investments to generate value for firms and further offers guidance for practitioners seeking to maximize shareholder value.

information science & library science,management

Varun Grover,Seung-Ryul Jeong,William J. Kettinger,Choong C. Lee

DOI: https://doi.org/10.1080/07421222.1993.11518002

IF: 7.582

1993-09-01

Journal of Management Information Systems

Abstract:This study investigates the managerial roles of the chief information officer (CIO) based on Mintzberg’s classic managerial role model. Our findings indicate that CIOs differ from manufacturing and sales executives in the relative importance they place on managerial roles. This difference does not exist between CIOs and finance executives or between CIOs and information systems (IS) middle managers. As IS management matures, the spokesman and liaison role of the CIO becomes more important. Surprisingly, as IS matures, the strategic responsibilities entitled in the monitor and entrepreneur roles of the CIO do not become more important. However, it was found that the more centralized the IS resource, the greater the CIO’s role in acting as a spokesman, environmental monitor, and resource allocator. The results of this study have implications for management development, training, and the career planning of IS management.

information science & library science,management,computer science, information systems

He Li,Sungjin Yoo,William J. Kettinger

DOI: https://doi.org/10.1080/07421222.2021.1870390

IF: 7.582

2021-01-02

Journal of Management Information Systems

Abstract:<span>This research examines the joint effects of information technology (IT) strategies and security investments on organizational security breaches. We focus on two forms of IT strategies: digitalization and embeddedness in IT outsourcing networks. Our longitudinal analysis of U.S. hospitals demonstrates that IT security investments reduce security breaches in less digitalized organizations but increase security breaches for highly digitalized organizations. Investing in technical network control security systems such as anti-virus and intrusion detection systems reduces external breaches. Implementing identity and access management security systems such as biometric scanning and user authentication decreases internal breaches but increases external breaches. However, organizations' embeddedness in IT outsourcing networks weakens the impacts of these technologies investments on external breaches but amplifies the negative relationship between identity and access management security systems and internal breaches. Our results offer an alternative understanding of organizational IT security investments and explain contrary results found in prior studies. Practical guidelines on organizational IT security strategies are discussed.</span>

information science & library science,management,computer science, information systems

Dong Li,Fang Ding,Juhua Wu

2012-01-01

Abstract:This research draws upon the upper echelon theory to examine the relationship between role effectiveness of the Chief Information Officer (CIO) and organizational innovative usage of information systems (IS). A large-scale sample survey was conducted in Chinese organizations. Results from 129 CIOs and senior business executives provide robust evidence about the impacts of CIO strategic role effectiveness (i.e., IS strategist and information strategist) on organizational innovative usage of IS. Further, we find the intensity of relationship is much stronger in the organizations that articulate a transform IS vision. However, the operational role effectiveness (i.e., IT manager, integrator, and IS contract oversight) was not found to have significant impacts on organizational innovative usage of IS across all strategic IS visions. The relationship between operational role effectiveness and organizational innovative usage of IS is completely mediated by strategic role effectiveness. Surprisingly, the strongest relationship between operational role effectiveness and strategic role effectiveness occurs only in the organizations that espouse a transform IS vision. This research provides practitioners with a deeper understanding of organizational innovative usage of IS from the perspective of IS leadership.

Daniel Qi Chen,Yanlin Zhang,Jinghua Xiao,Kang Xie

DOI: https://doi.org/10.1287/isre.2021.1008

IF: 4.9

2021-01-01

Information Systems Research

Abstract:We encourage chief information officers (CIOs) to play more active roles in organizational level strategy making in the digital era and examine how CIOs could lead their organizations’ digital innovation initiatives. We propose that it is the CIO’s effectiveness in issue selling (i.e., the acts that are directed toward affecting top management teams’ (TMT) attention to and understanding of strategic issues), rather than his or her structural position, that directly influences the level of organizational digital innovation success. Nevertheless, CIO structural power should not be overlooked because it could amplify (i.e., positively moderate) the impact of CIO issue selling to digital innovation outcomes. In addition, we identify four enabling forces of CIO issue selling effectiveness: (1) CIO strategic decision-making authority, (2) CIO/TMT partnership, (3) CIO information technologies (IT)–related strategic knowledge, and (4) CIO political savvy. Matched-pair survey data collected from senior business and IT executives of 179 organizations largely support the research hypotheses.

Tahereh Hasani,Norman O’Reilly,Ali Dehghantanha,Davar Rezania,Nadège Levallet

DOI: https://doi.org/10.1007/s43546-023-00477-6

2023-04-27

SN Business & Economics

Abstract:Cyberattacks negatively impact the performance of enterprises all around the globe. While organizations invest more in cybersecurity to avoid cyberattacks, studies on the factors affecting their overall cybersecurity adoption and awareness are sparse. In this paper, by integrating the diffusion of innovation theory (DOI), technology acceptance model (TAM), and technology-organization-environment (TOE) with the balanced scorecard approach, we propose a comprehensive set of factors that influence cybersecurity adoption and assess the effects of these factors on organizational performance. Data are collected through a survey of IT experts in small and medium-sized enterprises (SMEs) in the United Kingdom, with 147 valid responses. Structural equation modeling based on a statistical package for the social sciences (SPSS) was used to assess the model. The findings identify and confirm the importance of eight factors affecting SMEs&#x27; cybersecurity adoption. Moreover, cybersecurity technology adoption is found to positively impacts organizational performance. The proposed framework depicts variables influencing cybersecurity technology adoption and assesses their importance. The outcomes of this study provide a basis for future research and can be adopted by IT and cybersecurity managers to identify the most appropriate cybersecurity technologies that positively impact their company&#x27;s performance.

Christina Y. Jeong,Sang-Yong Tom Lee,Jee-Hae Lim

DOI: https://doi.org/10.1016/j.im.2018.11.003

2019-07-01

Abstract:In current business climate, a firm’s information systems security is no longer independent from the industry’s broader security environment. A question arises, then, whether stock market values reflect the interdependence of security breaches and investments. In this paper, we used the event study methodology to investigate how a firm’s security breaches and IT security investments influence its competitors. We collected and reviewed 118 information security breaches and 98 IT security investment announcements from 2010 to 2017. We found substantial evidence supporting our hypothesis that information security breaches do, indeed, have a competition effect: when one firm is breached, its competitors have opportunities to absorb market power. For the IT security investment announcements, however, we observed the positive externalities, or contagion effect, in play: market investors feel that the security investments made by one firm increase the security level of the entire network, and hence, competitors also get benefits. Additionally, we found that the competition effect was higher when the breaches occurred after the preceding security investments than when there were no preceding investments before the breaches.

information science & library science,management,computer science, information systems

Nenad Jevtić,Ibrahim Alhudaidi

DOI: https://doi.org/10.5937/sjem2302048j

2023-01-01

Serbian Journal of Engineering Management

Abstract:Information security is a key aspect of organizations' operations in today's digital age. This paper aims to analyze the importance of information security for organizations, investigating its impact on preserving the integrity, confidentiality and availability of data. Organizations are increasingly faced with complex challenges in explaining cyber threats, which emphasizes the necessity of implementing effective information security strategies. Effective data protection is the key to maintaining the trust of clients and partners, reducing financial losses and preserving the organization's reputation. In addition, information security has a significant impact on maintaining a competitive advantage, allowing organizations to innovate without fear of data loss or privacy breaches. A secure infrastructure also provides a foundation for compliance with regulatory requirements, thereby reducing the risk of legal consequences. Considering the rapid development of technology and increasingly sophisticated cyber threats, organizations face the constant challenge of adapting their security strategies. Employee education is becoming a key component of the overall information security system, and organizations that invest resources in training and security awareness have a better ability to respond to potential threats. Information security is becoming a necessary pillar of modern business, protecting organizations from cyber risk, enhancing their reputation and providing the foundation for long-term success.