Firms' information security investment decisions: Stock market evidence of investors' behavior

Decision Support Systems

Volumn 50, Issue 4, 2011, Pages 651-661

  Chai, Sangmi ^a   Kim, Minkyun ^b   Rao, H Raghav ^c  

^a Sangmyung University   (South Korea)

^b Dongduk Women's University   (South Korea)

^c UNIVERSITY AT BUFFALO   (United States)

Author keywords

Abnormal returns; Event methodology; Information security investment; Investors' behavior; Market value; Sarbanes Oxley Act (SOX)

Indexed keywords

ABNORMAL RETURNS; EVENT METHODOLOGY; INFORMATION SECURITY INVESTMENT; INVESTORS' BEHAVIOR; MARKET VALUES; SARBANES-OXLEY ACT;

COMMERCE; INDUSTRY; INFORMATION SCIENCE; INFORMATION TECHNOLOGY; SECURITY OF DATA; SECURITY SYSTEMS;

INVESTMENTS;

EID: 79151484723     PISSN: 01679236     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.dss.2010.08.017     Document Type: Article

References (64)

1. A. Acquisti, A. Friedman, and R. Telang Is there a cost to privacy breaches? An event study the International Conference of Information Systems (ICIS) 2006 Milwaukee, WI.
2. M. Agrawal, R. Kishore, and H.R. Rao Market reactions to e-business outsourcing announcements: an event study Information Management 43 7 2006 861 873
3. S. Armitage Event study methods and evidence on their performance Journal of Economic Surveys 9 1 1995 25 52
4. D. Ballou, C.-S. In, and R. Wang Sample-based quality estimation of query results in relational database environments IEEE Transactions on Knowledge and Data Engineering 18 5 2006 639 650
5. H. Berghel The two sides of ROI: return on investment vs. risk of incarceration Communications of the ACM 48 4 2005 15 21
6. S. Berinato Finally, real return on security spending CIO 2002
7. A. Bharadwaj A resource-based perspective on information technology capability and firm performance: an empirical investigation MIS Quarterly 24 1 2000 169 196
8. B.W. Boehm, and K.J. Sullivan Software economics: a roadmap Proceedings of the Conference on The Future of Software Engineering 2000 ACM, Limerick Ireland
9. R. Bojanc, and B. Jerman-Blazic An economic modeling approach to information security risk management International Journal of Information Management 28 5 2008 413 422
10. R. Bojanc, and B. Jerman-Blazic Towards a standard approach for quantifying an ICT security investment Computer & Standards Interface 30 4 2008 216 222
11. S. Brown, and J. Warner Using daily stock returns: the case of event studies Journal Financial Economics 14 1 1985 3 31
12. Software evaluation: Security attributes evaluation method: a cost-benefit approach The 24th International Conference on Software Engineering S.A. Butler 2002
13. K. Campbell, L. Gordon, M. Loeb, and L. Zhou The economic cost of publicly announced information security breaches: empirical evidence from the stock market Journal of Computer Security 11 3 2003 431 448
14. N. Carr IT doesn't matter Harvard Business Review 81 5 2003 41 49
15. H. Cavusoglu, B. Mishra, and S. Raghunathan The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers International Journal of Electronic Commerce 9 1 2004 70 104
16. D. Chatterjee, C. Pacini, and V. Sambamurthy The shareholder wealth and trading volume effects of IT infrastructure investments Journal Management Information Systems 19 2 2002 7 43
17. CIO PricewaterhouseCoopers, the state of information security CIO Research Report Volume 2003 DOI
18. CISSP forum, I.k.i.s. forum, Top information security risks for 2008 in: C.p.b.p.i.s. communities (Ed.), (2007), pp. 1-8.
19. C. Corrado, and T. Zivney The specification and power of the sign test in event study hypothesis tests using daily stock returns Journal of Financial and Quantitative Analysis 27 3 1992 465 478
20. A. Cowan Nonparametric event study tests Review of Quantitative Finance and Accounting 2 1992 343 358
21. S. Das, P. Sen, and S. Sengupta Impact of strategic alliances on firm valuation Academy of Management Journal 41 1 1998 27 41
22. B. Dehning, V. Richardson, and R. Zmud The value relevance of announcements of transformational information technology investments MIS Quarterly 27 4 2003 637 656
23. A. Diromualdo, and V. Gurbaxani Strategic intent for IT outsourcing Sloan Management Review 39 4 1998 67 80
24. W. Dixon, and A. Mood The statistical sign test Journal of the American Statistical Association 41 236 1946 557 566
25. B. Dos Santos, D. Peffers, and D. Mauer The impact of information technology investment announcements on the market value of the firm Information Systems Research 4 1 1993 1 23
26. B. Elango When does cross-border acquisition of insurance firms lead to valuecreation Journal of Risk Finance 7 4 2006 402 414
27. E.F. Fama Foundations of Finance 1970 Basic Books Inc. New York, NY
28. E.F. Fama, L. Fisher, M.C. Jense, and R. Roll The adjustments of stock prices to new information International Econonic Review 10 1 1969 1 21
29. A.I. Flechais, A. Sasse, and S. Hailes Bringing security home: a process for developing secure and usable systems The 2003 Workshop on New Security Paradigms 2003 ACM Press Ascona, Switzerland 49 57
30. D. Freeny, and L. Willcocks Core IS capabilities for exploiting information technology Sloan Management Review 39 3 1998 9 21
31. G.A. Office, Information Security Risk Assessment, in: A.a.I.M. Division (Ed.), (General Accounting Office, 1999), pp. 1-48.
32. A. Ghose, and U. Rajan The economic impact of regulatory information disclosure on information security investments, competition, and social welfare Workshop on Economics of Information Security 2006 Robinson College, University of Cambridge England
33. L. Gordon, M. Loeb, W. Lucyshyn, The annual CSI/FBI computer crime and security survey, in: CSI (Ed.), (2005), pp. 26.
34. L. Gordon, and M. Loeb The economics of information security investment ACM Transactions on Information and System Security 5 4 2002 438 457
35. L. Gordon, and M. Loeb Budgeting process for information security expenditure Communications of the ACM 29 1 2006 121 126
36. L. Gordon, M. Loeb, and W. Lucyshyn An economic perspective on the sharing of information related to security breaches: concepts and empirical evidence The 1st Workshop on Economics and Information Security 2002 Berkeley, CA
37. D. Hayes, J. Hunton, and J. Reck Market reaction to ERP implementation announcements Journal of Information Systems 15 1 2001 3 18
38. G. Henderson Problems and solutions in conducting event studies The Journal of Risk and Insurance 57 2 1990 282 306
39. K. Hoo Tangible ROI through secure software engineering Secure Business Quarterly 2001 Fourth Quarter
40. A. Hovav, and J. D'arcy The impact of denial-of-service attack announcements on the market value of firms Risk Management and Insurance Review 6 2 2003 97 121
41. A. Hovav, and J. D'arcy The impact of virus attack announcements on the market value of firms Information Systems Security 13 3 2005 32 40
42. R. Hunter, M. Blosch, Managing the new IT risks, in: E. Premier (Ed.), (Gartner, 2003), pp. 10.
43. K. Im, K. Dow, and V. Grover A reexamination of IT investment and market value of the firm: an event study methodology Information Systems Research 12 1 2001 103 117
44. A. Keown, J. Martin, J. Petty, and D. Scott Financial Management: Principles and Applications 2004 Prentice Hall NJ
45. S. Kim, and H. Lee Cost-benefit analysis of security investments: methodology and case study ICCSA 2005, LNCS 3482 2005 1239 1248
46. W. Liu, H. Tanaka, and K. Maysuura An empirical analysis of security investment in countermeasures based on an enterprise survey in Japan The Fifth Workshop on the Economics of Information Security 2006 WEIS University of Cambridge, England
47. K. Loch, H. Carr, and M. Warkentin Threats to information systems: today's reality Yesterday's Understanding MIS Quarterly 16 2 1992 173 186
48. C. Loderer, and D. Mauer Corporate dividends and seasoned equity issues: an empirical investigation The Journal of Finance 47 1 1992 201 225
49. A. Mackinlay Event studies in economics and finance Journal of Econonic Literature 35 1 1997 13 39
50. B. Malkiel The efficient market hypothesis and its critics The Journal of Economic Perspectives 17 1 2003 59 82
51. A. McWilliams, and D. Siegel Event studies in management research: theoretical and empirical issues Academy of Management Journal 40 3 1997 626 657
52. M. Muoghalu, H. Robinson, and J. Glascock Hazardous waste lawsuits, stockholder returns, and deterrence Sourthern Econonic Journal 57 2 1990 357 370
53. K. Parmar Informations systems control Justifying Investment in Security 4 2003 4
54. S. Purser Improving the ROI of the security management process Computers and Security 23 7 2004 542 546
55. C. Ranganathan, and C. Brown ERP Investments and the Market Value of Firms: Toward an Understanding of Influential ERP Project Variables Information Systems Research 17 2006 145 161
56. R. Sabherwal, and S. Sabherwal Knowledge management using information technology: determinants of short-term impact on firm value Decision Sciences 36 4 2005 531 568
57. E. Schultz Sarbanes-Oxley-a huge boon to information security in the US Computer Security 23 2004 353 354
58. M. Siponen An analysis of the traditional IS security approaches: implications for research and practice European Journal of Information Systems 14 3 2005 303 315
59. M. Subramani, and E. Walden The impact of E-commerce announcements on the market value of firms Information Systems Research 12 2 2001 135 154
60. R. Tealng, and S. Wattal An empirical analysis of the impact of software vulnerability announcements on firm stock price IEEE Transactions on Software Engineering 33 8 2007 547 557
61. G. Tellis, and P. Golder First to market, first to fail? Real causes of enduring market leadership Sloan Management Review 37 2 1996 65 75
62. Freedonia, Freedonia Focus on Information Security 2004 The Freedonia Group, Inc Cleveland, Ohio
63. R. Willison, and J. Backhouse Opportunities for computer crime: considering systems risk from a criminological perspective European Journal of Information Systems 15 2006 403 414
64. A. Yayla, and Q. Hu The impact of security breaches on the value of stocks: a short-term vs. long-term perspective The Annual Conference of IS in Asia-Pacific 2005 Las Vegas, NV.