Can You See It Coming? How Disclosure and Corporate Social Responsibility Activity Predict Cybersecurity Breach

Doctoral Candidate Name: 
Marcy Binkley
Program: 
Business Administration: DBA
Abstract: 

This dissertation explores the cybersecurity risk disclosure and the information an organization signals via disclosure contents. Extant literature acknowledges the ability of the cybersecurity risk disclosure to predict subsequent related outcome (i.e., realization of breach incident). However, little research has addressed whether the disclosure signals important information about the IT Risk Culture governing the organization. To fill this gap, I examine cybersecurity risk disclosures using textual analysis and clustering techniques to analyze the IT Risk Culture of a sample of organizations between the years 2011 – 2019. Three classifications of IT Risk Culture are identified. I find that a certain IT Risk Culture, evidenced by the vulnerability and the propensity for risk transfer (i.e. cybersecurity insurance) expressed in the cybersecurity risk disclosure, is associated with subsequent cybersecurity breach. Additionally, the disclosure of Corporate Social Responsibility activity is found to be associated with a second classification of IT Risk Culture, one in which there is no significant association with subsequent cybersecurity breach. This dissertation contributes to holistic risk management literature by employing a systems perspective of IT Risk Culture to analyze related disclosures. Findings contribute greatly to the understanding of IT Risk Culture classification, predominant risk response behavior and the likelihood of subsequent related outcomes.

Defense Date and Time: 
Monday, April 12, 2021 - 10:00am
Defense Location: 
Zoom
Committee Chair's Name: 
Dr. Laura Stanley
Committee Members: 
Dr. Marcia Watson, Dr. Gregory Martin, Dr. Chandra Subramaniam