Browse > Article
http://dx.doi.org/10.13089/JKIISC.2013.23.6.1207

Information Security Investment and Security Breach: Empirical Study on the Reverse Causality  

Shin, Ilsoon (Inha University)
Jang, Wonchang (Inha University)
Park, Heeyoung (Inha University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.23, no.6, 2013 , pp. 1207-1217 More about this Journal
Abstract
This study utilizes raw data from "Research on the actual condition of firms' information security" of KISA (2010) and constructs panel dataset to analyze a causal relationship between information security investment and security breach. Using Difference in Difference estimation method we find the following results. First, while the usual causality that information security investment reduces security breach is not supported, the reverse causality that security breach increases information security investment is well explained. Second, contrary to the conventional wisdom, firms in the finance/insurance business sector show the most significant reverse causality pattern.
Keywords
Information Security Investment; Security Breach; Difference-in-Differences; Reverse Causality;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Parker, D. B. "The Strategic Values of Information Security in Business," Computers & Security, Vol. 16, No. 7, pp. 572-582, 1997.   DOI   ScienceOn
2 H. K. Kong and T. S. Kim, "Research Trends in the Effect of Information Security Investment," Review of KIISC, Vol. 17 No. 4, pp. 26-33, 2007.
3 Kotulic, A. G. and J. G. Clark "Why there aren't more information security research studies," Information & Management, Vol. 41, Issue 5, pp. 597-607, 2004.   DOI   ScienceOn
4 Gordon, L. A. and Loeb, M. P., "The Economics of Information Security Investment," ACM Transactions on Information and System Security, Vol. 5, No. 4, pp. 438- 457, 2002.   DOI
5 Whitman, Michael E., "Enemy at the gate: Threats to information security," Communications of the ACM, Vol. 46, No. 8, pp. 91-95, 2003.
6 Boss, Scott, "Control, Risk, and Information Security Precautions," PhD Dissertation, Katz Graduate School of Business, University of Pittsburgh, 2007.
7 S. W. Ko and N. H. Kwon, "The Effect of Government Subsidy on Private IT R&D Investment," Korea Information Society Development Institute, 2005.
8 Madrian, Brigitte C. and Dennis F. Shea. "The Power of Suggestion: Inertia in 401(k) Participation and Savings Behavior," Quarterly Journal of Economics, Vol. 116, No. 4, pp. 1149-1187, 2001.   DOI   ScienceOn
9 Korea Internet and Security Agency, "2010 Survey on Information Security (Business)," Korea Internet and Security Agency, 2011.
10 K. W. Kim, "A Study on the Effect of Government R&D Subsidy on Firm-level Performance," Korea Development Institute, 2008-07, 2008.
11 DellaVigna, Stefano "Psychology and Economics: Evidence from the Field," Journal of Economic Literature, Vol. 47, No. 2, pp. 315-372, 2009.   DOI   ScienceOn