Information Technology Innovativeness and Data-Breach Risk: A Longitudinal Study

The adoption of new Information Technology (IT) innovations has led to increased uncertainty among employees, a greater demand for security measures, and more entry points for cyber-attacks, which all increase the risk of data breaches for firms. Despite the prevalence of discussions around this iss...

Full description

Saved in:
Bibliographic Details
Published inJournal of management information systems Vol. 40; no. 4; pp. 1139 - 1170
Main Authors Wang, Qian, Ngai, Eric W. T., Pienta, Daniel, Thatcher, Jason Bennett
Format Journal Article
LanguageEnglish
Published Abingdon Routledge 02.10.2023
Taylor & Francis Ltd
Subjects
Change management
Companies
Computer security
corporate boards
Cybersecurity
data breach
Data integrity
Empirical analysis
environmental uncertainty
information security
Information technology
Innovations
IT expertise
IT innovativeness
IT security
Learning
Managers
Organizational learning
Risk analysis
Risk assessment
Security
Technological change
Uncertainty
Online AccessGet full text

Cover

More Information
Summary:The adoption of new Information Technology (IT) innovations has led to increased uncertainty among employees, a greater demand for security measures, and more entry points for cyber-attacks, which all increase the risk of data breaches for firms. Despite the prevalence of discussions around this issue, there has been a lack of empirical research examining the data breach risk associated with IT innovations. To address this gap, we have developed arguments based on an organizational learning theoretical framework that explains how IT innovativeness can exacerbate data breach risk. Through our analysis of a sample of data breaches that occurred between 2013 and 2021, we have discovered that there is a positive association between firm IT innovativeness and the risk of data breaches. We also find that the effects of IT innovativeness can vary under certain conditions. For example, we find that the positive relationship between IT innovativeness and data breach risk is mitigated when managers possess IT expertise or when firms have established extensive board connections with cybersecurity managers. Moreover, we find that the relationship between IT innovativeness and data breach risk is amplified in complex environments but not in dynamic or munificent ones. This study takes the lead in advancing the theoretical understanding and empirical validation of security-related risks associated with IT innovations. Moreover, our findings serve as a timely reminder for research and practice to carefully consider the implications of introducing novel technologies into firms and the potential dark side consequences that may arise. Additionally, this study underscores the importance of understanding organizational learning in risk assessment and change management, as well as the critical role of contextual factors in moderating the unintended security-related consequences linked to IT innovations.
ISSN:0742-1222
1557-928X
DOI:10.1080/07421222.2023.2267319