Abstract

With the rapid development of information technology, information security has been gaining attention. The International Organization for Standardization (ISO) has issued international standards and technical reports related to information security, which are gradually being adopted by enterprises. This study analyzes the relationship between information security certification (ISO 27001) and corporate financial performance using data from Chinese publicly listed companies. The study focusses on the impact of corporate decisions such as whether to obtain certification, how long to hold certification, and whether to publicize information regarding certification. The results show that there is a positive correlation between ISO 27001 and financial performance. Moreover, the positive impact of ISO 27001 on financial performance gradually increases with time. In addition, choosing not to publicize ISO 27001 certification can negatively affect enterprise performance.

Highlights

  • The rapid development and wide application of information technology can facilitate companies’ information management, but it also creates security challenges (Yaokumah et al., 2019)

  • This study proposes that obtaining International Standards Organization (ISO) 27001 certification helps companies to improve financial performance

  • There is a positive correlation between obtaining information security management system certification and enterprise performance (Hypothesis One)


Summary

Introduction

The rapid development and wide application of information technology can facilitate companies’ information management, but it also creates security challenges (Yaokumah et al., 2019). The information security management system certification ISO 27001 was issued in response to the business need for information technology and security management. Information security management is playing an increasingly important role for enterprises in creating a competitive advantage. Information security risk has unique characteristics in location, degree, and visibility, which cannot be fully solved by traditional insurance investment strategies (Gordon, 2003; Peng et al., 2019). In this context, the ISO 27001 standard provides an authoritative and effective institutional basis for the information security market and is an important entry point in the information security management of enterprises.
