• Information Systems Review
• /
• v.9 no.1
• /
• pp.105-120
• /
• 2007

With the fast development of the Internet and the increasing dependence on information infrastructures, companies are faced with various information security threats such as information leakages, modifications, and information breaches. South Korea is one of the leading countries in the Internet usage, but is ranked relatively low when it comes to information security. In fact, many Korean firms have suffered financial losses and damaged corporate images from the information security breaches. However, because of the difficulties in quantifying the costs of the information security breaches, Korean companies tend to delay their investment decisions on information security. The purpose of this study is to measure the cost of information security breach and the economic value of security investment using the event study methodology. Our results show that the announcement of an information security breach negatively influenced the market value of the corresponding company. The effect was statistically significant at the significance level of p=0.05. The breached companies lose, on average, 0.86% of their market values on the day of the announcement - an average loss in market capitalization of $55 million. On the other hand, the investment on information security had no effect on the stock price or the market value of the firm.

• Asia pacific journal of information systems
• /
• v.24 no.4
• /
• pp.531-557
• /
• 2014

Although the area of information security planning and management has gained an increased attention, not much discussion was available on the role and the impact of the board members towards a firm's security management and governance decisions. In this research, we draw on corporate governance and the organizational demography literature to conduct an exploratory empirical study on the association between the board structure of a firm and the possibility of information security breaches. Our results show that the board size, the average age/tenure and the heterogeneity of age could reduce the possibility of security breaches while the proportion of independent directors and the heterogeneity of tenure could increase it. Our findings shed lights on the important role played by the board when managing information security risks in organizations.