Cybersecurity Breaches and the Role of Information Technology Governance in Audit Committee Charters

Abstract

ABSTRACTCybersecurity is a serious and growing risk for organizations. Firms with board of director involvement in information technology governance (ITG) may be better equipped to deal with this risk. Yet little is known about the audit committee's role in ITG. This study uses efficiency and institutional theories to investigate the influence of security breaches and board-level technology committees on disclosing ITG roles in the audit committee charter. We develop hypotheses and test them using a sample of 189 firms. Results show that firms with a technology committee and a data breach are more likely to disclose ITG roles in the audit committee charter. This suggests that firms experiencing a data breach realize their vulnerability and, by already having oversight at the board level, it is more natural for them to increase oversight by assigning ITG roles to the audit committee. We provide implications and areas for future research.