Abstract
ABSTRACT After several high-profile data security breaches (e.g., Target Corporation, Michaels Stores, Inc., The Home Depot), corporate boards are prioritizing the oversight of Information Technology (IT) risk. Firms are also increasingly faced with disclosure decisions regarding IT security breaches. This study proposes that firms can use the creation of a board-level technology committee as part of the firm's information technology governance (ITG) to signal the firm's ability to detect and respond to security breaches. Using reported security breaches during the time period 2005–2014, results indicate that firms with technology committees are more likely to have reported breaches in a given year than are firms without the committee. Further analysis suggests that this positive association is driven by relatively young technology committees and external source breaches. Specifically, as a technology committee becomes more established, its firm is not as likely to be breached. To obtain further evidence on the perceived value of a technology committee, this study uses a returns analysis and finds that the presence of a technology committee mitigates the negative abnormal stock returns arising from external breaches. Findings add to the evolving ITG literature, as well to the signaling theory and disclosure literatures.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
