Advanced search
Publication Cover
Journal of Management Information Systems Volume 40, 2023 - Issue 4
Journal homepage
779
Views
1
CrossRef citations to date
0
Altmetric
Research Article

Information Technology Innovativeness and Data-Breach Risk: A Longitudinal Study

Qian Wanga Faculty of Business Administration, University of Macau, Taipa, Macau, P.R. ChinaCorrespondence[email protected]
View further author information
,
Eric W. T. Ngaib Department of Management and Marketing, The Hong Kong Polytechnic University, Hong Kong, P.R. ChinaView further author information
,
Daniel Pientac Haslam College of Business, University of Tennessee, Knoxville, TN, USAView further author information
&
Jason Bennett Thatcherd Fox School of Business, Temple University, Philadelphia, PA, USAView further author information
Pages 1139-1170 | Published online: 11 Dec 2023

References

  • Abrahamson, E. Management fashion. Academy of Management Review, 21, 1 (1996), 254–285.
  • Akey, P.; Lewellen, S.; and Liskovich, I. Hacking corporate reputations. Rotman School of Management Working Paper, 2018. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3143740.
  • Angst, C.M.; Block, E.S.; D’Arcy, J.; and Kelley, K. When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quarterly, 41, 3 (2017), 893–916.
  • Argote, L.; and Miron-Spektor, E. Organizational learning: From experience to knowledge. Organization Science, 22, 5 (2011), 1123–1137.
  • Attewell, P. Technology diffusion and organizational learning: The case of business computing. Organization Science, 3, 1 (1992), 1–19.
  • Atuahene-Gima, K.; and Li, H. Strategic decision comprehensiveness and new product development outcomes in new technology ventures. Academy of Management Journal, 47, 4 (2004), 583–597.
  • Alexander, J.A. Adaptive change in corporate control practices. Academy of Management Journal, 34, 1 (1991), 162–193.
  • Azadegan, A.; Patel, P.C.; and Parida, V. Operational slack and venture survival. Production and Operations Management, 22, 1 (2013), 1–18.
  • Baldwin, D.J.; Buckley, J.P.; and Slaugh, D.R. Insuring against privacy claims following a data breach. Penn State Law Review, 122 (2017), 683.
  • Beckman, C.M.; and Haunschild, P.R. Network learning: The effects of partners’ heterogeneity of experience on corporate acquisitions. Administrative Science Quarterly, 47, 1 (2002), 92–124.
  • Benaroch, M.; and Chernobai, A. Operational IT failures, IT value-destruction, and board-level IT governance changes. MIS Quarterly, 41, 3 (2017), 729–762.
  • Castrogiovanni, G.J. Environmental munihcence; a theoretical assessment. Academy of Management Review, 16, 3 (1991), 542–565.
  • Chau, P.Y.; and Tam, K.Y. Factors affecting the adoption of open systems: An exploratory study. MIS Quarterly (1997), 21, 1 ( 1997), 1–24.
  • Cheng, L.; Liu, F., and Yao, D.D. Enterprise data breach: Causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7, 5 (2017), e1211.
  • Cheng, Z.; Rai, A.; Tian, F.; and Xu, S.X. Social learning in information technology investment: The role of board interlocks. Management Science, 67, 1 (2021), 547–576.
  • Colwill, C. Human factors in information security: The insider threat–Who can you trust these days? Information Security Technical Report, 14, 4 (2009), 186–196.
  • Cram, W.A.; D’arcy, J.; and Proudfoot, J.G. Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43, 2 (2019), 525–554.
  • D’Arcy, J.; Herath, T.; and Shoss, M.K. Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31, 2 (2014), 285–318.
  • D’Arcy, J.; Adjerid, I.; Angst, C.M.; and Glavas, A. Too good to be true: Firm social performance and the risk of data breach. Information Systems Research, 31, 4 (2020), 1–45.
  • D’Arcy, J.; and Teh, P.-L. Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Information & Management, 56, 7 (2019), 103151.
  • Daft, R.L.; and Macintosh, N.B. A tentative exploration into the amount and equivocality of information processing in organizational work units. Administrative Science Quarterly ( 1981), 26, 2 (1981), 207–224.
  • Dess, G.G.; and Beard, D.W. Dimensions of organizational task environments. Administrative Science Quarterly, 29, 1 (1984), 52–73.
  • DiMaggio, P.J.; and Powell, W.W. The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48, 2 (1983), 147–160.
  • Dodgson, M. Organizational learning: A review of some literatures. Organization Studies, 14, 3 (1993), 375–394.
  • Duy, P.T.; Hien, D.T.T.; Hien, D.H.; and Pham, V.-H. A survey on opportunities and challenges of Blockchain technology adoption for revolutionary innovation. In Proceedings of the Ninth International Symposium on Information and Communication Technology, 2018, pp. 200–207.
  • Edmondson, A.C.; Bohmer, R.M.; and Pisano, G.P. Disrupted routines: Team learning and new technology implementation in hospitals. Administrative Science Quarterly, 46, 4 (2001), 685–716.
  • Esposito, C.; Castiglione, A.; Martini, B.; and Choo, K.-K.R. Cloud manufacturing: Security, privacy, and forensic concerns. IEEE Cloud Computing, 3, 4 (2016), 16–22.
  • Fichman, R.G.; and Kemerer, C.F. The assimilation of software process innovations: An organizational learning perspective. Management Science, 43, 10 (1997), 1345–1363.
  • Fichman, R.G. The role of aggregation in the measurement of IT-related organizational innovation. MIS Quarterly, 35,4 (2001), 427–455.
  • Fichman, R.G. Real options and IT platform adoption: Implications for theory and practice. Information Systems Research, 15, 2 (2004), 132–154.
  • Fifarek, B.J.; Veloso, F.M.; and Davidson, C.I. Offshoring technology innovation: A case study of rare-earth technology. Journal of Operations Management, 26, 2 (2008), 222–238.
  • Fiol, C.M.; and Lyles, M.A. Organizational learning. Academy of Management Review, 10, 4 (1985), 803–813.
  • Fleming, L. Recombinant uncertainty in technological search. Management Science, 47, 1 (2001), 117–132.
  • Gamache, D.L.; Neville, F.; Bundy, J.; and Short, C.E. Serving differently: CEO regulatory focus and firm stakeholder strategy. Strategic Management Journal, 41, 7 (2020), 1305–1335.
  • Greenwood, B.N.; Agarwal, R.; Agarwal, R.; and Gopal, A. The role of individual and organizational expertise in the adoption of new practices. Organization Science, 30, 1 (2019), 191–213.
  • Gruschka, N.; and Jensen, M. Attack surfaces: A taxonomy for attacks on cloud services. in 2010 IEEE 3rd International Conference on Cloud Computing: IEEE, 2010, pp. 276–279.
  • Guillén, M.F.; and Capron, L. State capacity, minority shareholder protections, and stock market development. Administrative Science Quarterly, 61, 1 (2016), 125–160.
  • Gurbaxani, V.; and Whang, S. The impact of information systems on organizations and markets. Communications of the ACM, 34, 1 (1991), 59–73.
  • Gwebu, K.L.; Wang, J.; and Wang, L. The role of corporate reputation and crisis response strategies in data breach management. Journal of Management Information Systems, 35, 2 (2018), 683–714.
  • Haislip, J.; Lim, J.-H.; and Pinsker, R. The impact of executives’ IT expertise on reported data security breaches. Information Systems Research, 32, 2 (2021), 318–334
  • Haislip, J.Z.; and Richardson, V.J. The effect of CEO IT expertise on the information environment: Evidence from earnings forecasts and announcements. Journal of Information Systems, 32, 2 (2018), 71–94.
  • Hao, H.; Padman, R.; Sun, B.; and Telang, R. Quantifying the impact of social influence on the information technology implementation process by physicians: A hierarchical Bayesian learning approach. Information Systems Research, 29, 1 (2018), 25–41.
  • Heckman, J.J. Sample selection bias as a specification error. Econometrica: Journal of the Econometric Society (1979), 47, 1 ( 1979), 153–161.
  • Higgs, J.L.; Pinsker, R.E.; Smith, T.J.; and Young, G.R. The relationship between board-level technology committees and reported security breaches. Journal of Information Systems, 30, 3 (2016), 79–98.
  • Hilary, G.; Segal, B.; and Zhang, M.H. Cyber-Risk Disclosure: Who Cares? Georgetown McDonough School of Business Research Paper, 2016. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2852519.
  • Huber, G.P. Organizational learning: The contributing processes and the literatures. Organization Science, 2, 1 (1991), 88–115.
  • Iacovou, C.L.; Benbasat, I.; and Dexter, A.S. Electronic data interchange and small organizations: Adoption and impact of technology. MIS Quarterly, 19, 4 (1995), 465–485.
  • Jacobs, B.W.; Swink, M.; and Linderman, K. Performance effects of early and late Six Sigma adoptions. Journal of Operations Management, 36 (2015), 244–257.
  • Janakiraman, R.; Lim, J.H.; and Rishika, R. The effect of a data breach announcement on customer behavior: Evidence from a multichannel retailer. Journal of Marketing, 82, 2 (2018), 85–105.
  • Jones, T. The Cognyte Cloud Data Breach — 5 Billion Records Leaked. https://medium.com/nerd-for-tech/the-cognyte-cloud-data-breach-5-billion-records-leaked-86a7114cef06. Accessed 2023-Oct-25.
  • Kamiya, S.; Kang, J.-K.; Kim, J.; Milidonis, A.; and Stulz, R.M. Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics, 139, 3 (2020), 719–749.
  • Keats, B.W.; and Hitt, M.A. A causal model of linkages among environmental dimensions, macro organizational characteristics, and performance. Academy of Management Journal, 31, 3 (1988), 570–598.
  • Kim, K.; Gopal, A.; and Hoberg, G. Does product market competition drive CVC investment? Evidence from the US IT industry. Information Systems Research, 27, 2 (2016), 259–281.
  • Kim, S.H.; and Kwon, J. How Do EHRs and a Meaningful Use Initiative Affect Breaches of Patient Information? Information Systems Research, 30, 4 (2019), 1184–1202.
  • King, J.L.; Gurbaxani, V.; Kraemer, K.L.; McFarlan, F.W.; Raman, K.; and Yap, C.-S. Institutional factors in information technology innovation. Information Systems Research, 5, 2 (1994), 139–169.
  • Kwon, J.; Ulmer, J.R.; and Wang, T. The association between top management involvement and compensation and information security breaches. Journal of Information Systems, 27, 1 (2012), 219–236.
  • Kwon, J., and Johnson, M.E. Proactive Versus Reactive Security Investments in the Healthcare Sector. MIS Quarterly, 38, 2 (2014), p.451-A3.
  • Kwon, J.; and Johnson, M.E. Meaningful Healthcare Security: Does “Meaningful-Use” Attestation Improve Information Security Performance? MIS Quarterly, 42, 4 (2018), 1043–1067.
  • Lending, C.; Minnick, K.; and Schorno, P.J. Corporate governance, social responsibility, and data breaches. Financial Review, 53, 2 (2018), 413–455.
  • Levitt, B.; and March, J.G. Organizational learning. Annual Review of Sociology, 14, 1 (1988), 319–338.
  • Li, H.; Yoo, S.; and Kettinger, W.J. The roles of IT strategies and security investments in reducing organizational security breaches. Journal of Management Information Systems, 38, 1 (2021), 222–245.
  • Li, J.; Netessine, S.; and Koulayev, S. Price to compete … with many: How to identify price competition in high-dimensional space. Management Science, 64, 9 (2018), 4118–4136.
  • Li, J.; Li, M.; Wang, X.; and Thatcher, J.B. Strategic directions for AI: The role of CIOs and boards of directors. MIS Quarterly, 45, 3 (2021), 1603-1644.
  • Li, M. Exploring novel technologies through board interlocks: Spillover vs. broad exploration. Research Policy, 50, 9 (2021), 104337.
  • Liu, C.-W.; Huang, P.; and Lucas, H.C. Centralized IT decision making and cybersecurity breaches: Evidence from US higher education institutions. Journal of Management Information Systems, 37, 3 (2020), 758–787.
  • Lyytinen, K.; and Rose, G.M. The disruptive nature of information technology innovations: The case of internet computing in systems development organizations. MIS Quarterly, 27,4 (2003), 557–596.
  • Mackelprang, A.W.; Habermann, M.; and Swink, M. How firm innovativeness and unexpected product reliability failures affect profitability. Journal of Operations Management, 38 (2015), 71–86.
  • Maksimov, V.; Wang, S.L.; and Yan, S. Global connectedness and dynamic green capabilities in MNEs. Journal of International Business Studies, 53, 4 (2019), 1–18.
  • March, J.G. Exploration and exploitation in organizational learning. Organization Science, 2, 1 (1991), 71–87.
  • McLeod, A.; and Dolezel, D. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems, 108 (2018), 57–68.
  • Mendelson, H.; and Pillai, R.R. Clockspeed and informational response: Evidence from the information technology industry. Information Systems Research, 9, 4 (1998), 415–433.
  • Milliken, F.J. Three types of perceived uncertainty about the environment: State, effect, and response uncertainty. Academy of Management Review, 12, 1 (1987), 133–143.
  • Miloslavskaya, N.; and Tolstoy, A. Internet of things: Information security challenges and solutions. Cluster Computing, 22, 1 (2019), 103–119.
  • Mithas, S.; Tafti, A.; and Mitchell, W. How a firm’s competitive environment and digital strategic posture influence digital business strategy. MIS Quarterly, 37, 2 (2013), 511–536.
  • Mitra, S.; and Ransbotham, S. Information disclosure and the diffusion of information security attacks. Information Systems Research, 26, 3 (2015), 565–584.
  • Nordlund, J. The role of experience in the director labor market: Evidence from cybersecurity events. Working paper, Louisiana State University, 2019.
  • Phelps, C.; Heidl, R.; and Wadhwa, A. Knowledge, networks, and knowledge networks: A review and research agenda. Journal of Management, 38, 4 (2012), 1115–1166.
  • Potter, L.E.; and Vickers, G. What skills do you need to work in cyber security? A look at the Australian market. In Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research, 2015, pp. 67–72.
  • Powell, W.W.; Koput, K.W.; and Smith-Doerr, L. Interorganizational collaboration and the locus of innovation: Networks of learning in biotechnology. Administrative Science Quarterly, 41, 1 (1996), 116–145.
  • Priem, R.L.; Li, S.; and Carr, J.C. Insights and new directions from demand-side approaches to technology innovation, entrepreneurship, and strategic management research. Journal of Management, 38, 1 (2012), 346–374.
  • Ransbotham, S.; Fichman, R.G.; Gopal, R.; and Gupta, A. Special section introduction—ubiquitous IT and digital vulnerabilities. Information Systems Research, 27, 4 (2016), 834–847.
  • Rizzoni, A. Technological innovation and small firms: A taxonomy. International Small Business Journal, 9, 3 (1991), 31–42.
  • Robey, D.; Ross, J.W.; and Boudreau, M.-C. Learning to implement enterprise systems: An exploratory study of the dialectics of change. Journal of Management Information Systems, 19, 1 (2002), 17–46.
  • Sabherwal, R.; Sabherwal, S.; Havakhor, T.; and Steelman, Z. How does strategic alignment affect firm performance? The roles of information technology investment and environmental uncertainty. MIS Quarterly, 43, 2 (2019), 453–474
  • Schabus, M. Do director networks help managers forecast better? The Accounting Review, 97, 2 (2022), 397–426.
  • Schaumont, P. Security in the Internet of Things: A challenge of scale. Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017: IEEE, 2017, pp. 674–679.
  • Schneier, B. Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons, 2015.
  • Sen, R.; and Borle, S. Estimating the contextual risk of data breach: An empirical approach. Journal of Management Information Systems, 32, 2 (2015), 314–341.
  • Souder, W.E.; and Moenaert, R.K. Integrating marketing and R&D project personnel within innovation projects: An information uncertainty model. Journal of Management Studies, 29, 4 (1992), 485–512.
  • Srinivasan, R.; and Swink, M. An investigation of visibility and flexibility as complements to supply chain analytics: An organizational information processing theory perspective. Production and Operations Management, 27, 10 (2018), 1849-1867.
  • Stock, G.N.; and Tatikonda, M.V. The joint influence of technology uncertainty and interorganizational interaction on external technology integration success. Journal of Operations Management, 26, 1 (2008), 65–80.
  • Swanson, E.B. Information systems innovation among organizations. Management Science, 40, 9 (1994), 1069–1092.
  • Swanson, E.B.; and Ramiller, N.C. Innovating mindfully with information technology. MIS Quarterly, 28, 4 (2004), 553–583.
  • Takabi, H.; Joshi, J.B.; and Ahn, G.-J. Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 8, 6 (2010), 24–31.
  • Tatikonda, M. V.; and Rosenthal, S. R. Successful execution of product development projects: The effects of project management formality, autonomy, and resource flexibility. In Academy of Management Proceedings: Academy of Management Briarcliff Manor, NY 10510, 1999, pp. B1–B6.
  • Tatikonda, M.V.; and Montoya-Weiss, M.M. Integrating operations and marketing perspectives of product innovation: The influence of organizational process factors and capabilities on development performance. Management Science, 47, 1 (2001), 151–172.
  • Terza, J.V.; Basu, A.; and Rathouz, P.J. Two-stage residual inclusion estimation: Addressing endogeneity in health econometric modeling. Journal of Health Economics, 27, 3 (2008), 531–543.
  • Thong, J.Y.; and Yap, C. Information technology adoption by small business: An empirical study. Diffusion and Adoption of Information Technology. Springer, 1996, pp. 160–175.
  • Tian, F.; and Xu, S.X. How do enterprise resource planning systems affect firm risk? Post-implementation impact. MIS Quarterly, 39, 1 (2015), 39–60.
  • Turner, S.F.; and Rindova, V.P. Watching the clock: Action timing, patterning, and routine performance. Academy of Management Journal, 61, 4 (2018), 1253–1280.
  • Tuschke, A.; Sanders, W.G.; and Hernandez, E. Whose experience matters in the boardroom? The effects of experiential and vicarious learning on emerging market entry. Strategic Management Journal, 35, 3 (2014), 398–418.
  • Tushman, M.L.; and Nadler, D.A. Information processing as an integrating concept in organizational design. Academy of Management Review, 3, 3 (1978), 613–624.
  • UCLA. UCLA Health Data Notice. https://www.uclahealth.org/data-notice. Accessed 2023-Oct-25
  • Wang, P.; and Ramiller, N.C. Community learning in information technology innovation. MIS Quarterly (2009), 709–734.
  • Wilson, P. Positive perspectives on cloud security. Information Security Technical Report, 16, 3–4 (2011), 97–101.
  • Wong, C.Y.; Boon-Itt, S.; and Wong, C.W. The contingency effects of environmental uncertainty on the relationship between supply chain integration and operational performance. Journal of Operations Management, 29, 6 (2011), 604–615.
  • Xue, L.; Ray, G.; and Gu, B. Environmental uncertainty and IT infrastructure governance: A curvilinear relationship. Information Systems Research, 22, 2 (2011), 389–399.
  • Xue, L.; Ray, G.; and Sambamurthy, V. Efficiency or innovation: How do industry environments moderate the effects of firms’ IT asset portfolios? MIS Quarterly, 36, 2 (2012), 509–528.
  • Xue, L.; Ray, G.; and Zhao, X. Managerial incentives and IT strategic posture. Information Systems Research, 28, 1 (2017), 180–198.
  • Zhu, K. Information transparency of business-to-business electronic markets: A game-theoretic analysis. Management Science, 50, 5 (2004), 670–685.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.