Litcius/Paper detail

The Roles of IT Strategies and Security Investments in Reducing Organizational Security Breaches

He Li, Sung-jin Yoo, William J. Kettinger

2021Journal of Management Information Systems55 citationsDOI

Abstract

This research examines the joint effects of information technology (IT) strategies and security investments on organizational security breaches. We focus on two forms of IT strategies: digitalization and embeddedness in IT outsourcing networks. Our longitudinal analysis of U.S. hospitals demonstrates that IT security investments reduce security breaches in less digitalized organizations but increase security breaches for highly digitalized organizations. Investing in technical network control security systems such as anti-virus and intrusion detection systems reduces external breaches. Implementing identity and access management security systems such as biometric scanning and user authentication decreases internal breaches but increases external breaches. However, organizations’ embeddedness in IT outsourcing networks weakens the impacts of these technologies investments on external breaches but amplifies the negative relationship between identity and access management security systems and internal breaches. Our results offer an alternative understanding of organizational IT security investments and explain contrary results found in prior studies. Practical guidelines on organizational IT security strategies are discussed.

Topics & Concepts

BusinessInformation securityOutsourcingSecurity managementSecurity information and event managementData breachInformation security managementCertified Information Security ManagerEmbeddednessCloud computing securitySecurity serviceComputer securityNetwork security policyMarketingFinanceComputer scienceCloud computingSociologyAnthropologyOperating systemInformation and Cyber SecurityCybercrime and Law Enforcement StudiesPrivacy, Security, and Data Protection