Firms' information security investment decisions: Stock market evidence of investors' behavior

Authors:
Sangmi Chai;Minkyun Kim;H. Raghav Rao
Affiliations:
Division of Business Administration, College of Business, Sangmyung University, Korea;Department of Business Management and Economics, College of Social Science, Dongduk Women's University, Korea;Department of Management Science & Systems, School of Management, SUNY at Buffalo, United States
Venue:
Decision Support Systems
Year:
2011

Citing 20
Cited 2

Software economics: a roadmap

Proceedings of the Conference on The Future of Software Engineering
A resource-based perspective on information technology capability and firm performance: an empirical investigation

MIS Quarterly
The economics of information security investment

ACM Transactions on Information and System Security (TISSEC)
Research Report: A Reexamination of IT Investment and the Market Value of the Firm--An Event Study Methodology

Information Systems Research
The Impact of E-Commerce Announcements on the Market Value of Firms

Information Systems Research
The economic cost of publicly announced information security breaches: empirical evidence from the stock market

Journal of Computer Security - IFIP 2000
Bringing security home: a process for developing secure and usable systems

Proceedings of the 2003 workshop on New security paradigms
The two sides of ROI: return on investment vs. risk of incarceration

Communications of the ACM - Transforming China
Budgeting process for information security expenditures

Communications of the ACM - Personal information management
Sample-Based Quality Estimation of Query Results in Relational Database Environments

IEEE Transactions on Knowledge and Data Engineering
An analysis of the traditional IS security approaches: implications for research and practice

European Journal of Information Systems
Market reactions to E-business outsourcing announcements: an event study

Information and Management
ERP Investments and the Market Value of Firms: Toward an Understanding of Influential ERP Project Variables

Information Systems Research
The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers

International Journal of Electronic Commerce
The Shareholder-Wealth and Trading-Volume Effects of Information-Technology Infrastructure Investments

Journal of Management Information Systems
Towards a standard approach for quantifying an ICT security investment

Computer Standards & Interfaces
An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price

IEEE Transactions on Software Engineering
The value relevance of announcements of transformational information technology investments

MIS Quarterly
Cost-Benefit analysis of security investments: methodology and case study

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part III
An economic modelling approach to information security risk management

International Journal of Information Management: The Journal for Information Professionals

A hybrid information system model for trust in e-government initiative adoption in public sector organisation

International Journal of Business Information Systems
Market Value Impacts of Information Technology Enabled Supply Chain Management Initiatives

Information Resources Management Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the information society, it is important for firms to manage their core information resources securely. However, the difficulty of measuring the return on an IT security investment is one of the critical obstacles for firms in making such investment decisions. By utilizing event methodology, this study examines the value of an investment in IT security, based on stock market investors' behavior toward a firms' IT security investment announcements. Based on a sample of 101 investment announcements of firms whose stocks are publicly traded in the U.S. stock market between 1997 and 2006, we find substantial support for the hypotheses that information security investment leads to positive abnormal returns for firms. Interestingly, security investments with commercial exploitation tend to result in higher returns than those for IT security improvement. Another interesting finding is that stock market reaction to security investments shows higher abnormal returns after the Sarbanes-Oxley Act (SOX) than any of those before it.