Impact of information security investment on security incidents: Organizational perspectives

Protecting valuable information is a critical issue in business world today. However due to the lack of empirical evidences, confirming direct relationship between information security investments and security incidents is not easy. Therefore, firms are not certain about making an investment decision. Based on this circumstance, this study examines organizational area that is receiving growing attention as influential area in decreasing information security incidents. This study inspects the impact of chief information security officer, top management support, security culture of organization and employees’ information security awareness on information security incidents. Based on 2474 organizations data, this study confirms that CSO, top management’s support and information security awareness are negatively associated with the number of information security incidents. In addition, the results of this study indicate that the impact of CSO and top management’s support has more impact on reducing incidents compared with that of employees’ information security awareness and information security culture.