Impact of information security investment on security incidents: Organizational perspectives

Hansol Lee, Eunkyung Kweon, Sangmi Chai

Research output: Contribution to journalArticlepeer-review

Abstract

Protecting valuable information is a critical issue in business world today. However due to the lack of empirical evidences, confirming direct relationship between information security investments and security incidents is not easy. Therefore, firms are not certain about making an investment decision. Based on this circumstance, this study examines organizational area that is receiving growing attention as influential area in decreasing information security incidents. This study inspects the impact of chief information security officer, top management support, security culture of organization and employees’ information security awareness on information security incidents. Based on 2474 organizations data, this study confirms that CSO, top management’s support and information security awareness are negatively associated with the number of information security incidents. In addition, the results of this study indicate that the impact of CSO and top management’s support has more impact on reducing incidents compared with that of employees’ information security awareness and information security culture.

Original languageEnglish
Pages (from-to)25-45
Number of pages21
JournalJP Journal of Heat and Mass Transfer
Volume2019
Issue numberSpecial Issue 1
DOIs
StatePublished - Oct 2019

Keywords

  • Information security
  • Information security awareness
  • Information security culture
  • Investment on information security

Cite this